Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-12151 (GCVE-0-2026-12151)
Vulnerability from cvelistv5 – Published: 2026-06-17 16:05 – Updated: 2026-07-09 12:09| URL | Tags |
|---|---|
| https://github.com/nodejs/undici/security/advisor… | |
| https://cna.openjsf.org/security-advisories.html | |
| https://access.redhat.com/security/cve/CVE-2026-12151 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2489980 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:35842 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:35841 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:35892 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:35891 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:34342 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:36754 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:36820 | vendor-advisoryx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
| undici | undici |
Affected:
0 , < 6.26.0
(semver)
Unaffected: 6.26.0 (semver) Affected: 7.0.0 , < 7.28.0 (semver) Unaffected: 7.28.0 (semver) Affected: 8.0.0 , < 8.5.0 (semver) Unaffected: 8.5.0 (semver) |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 10) |
cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 9) |
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Cluster Observability Operator 1.5.0 |
cpe:/a:redhat:cluster_observability_operator:1.5::el9 |
|
| Red Hat | Red Hat Developer Hub 1.10 |
cpe:/a:redhat:rhdh:1.10::el9 |
|
| Red Hat | Red Hat OpenShift Dev Spaces 3.29 |
cpe:/a:redhat:openshift_devspaces:3.29::el9 |
|
| Red Hat | Cryostat 4 |
cpe:/a:redhat:cryostat:4 |
|
| Red Hat | OpenShift Pipelines |
cpe:/a:redhat:openshift_pipelines:1 |
|
| Red Hat | Red Hat AMQ Broker 7 |
cpe:/a:redhat:amq_broker:7 |
|
| Red Hat | Red Hat Build of Podman Desktop |
cpe:/a:redhat:podman_desktop:1 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Hardened Images |
cpe:/a:redhat:hummingbird:1 |
|
| Red Hat | Red Hat OpenShift AI (RHOAI) |
cpe:/a:redhat:openshift_ai |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat Openshift Data Foundation 4 |
cpe:/a:redhat:openshift_data_foundation:4 |
|
| Red Hat | Red Hat OpenShift Dev Spaces |
cpe:/a:redhat:openshift_devspaces:3 |
|
| Red Hat | Self-service automation portal 2 |
cpe:/a:redhat:ansible_portal:2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12151",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T17:29:57.305732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T17:30:13.782Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cluster_observability_operator:1.5::el9"
],
"defaultStatus": "affected",
"product": "Cluster Observability Operator 1.5.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.10::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.29::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces 3.29",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "affected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_broker:7"
],
"defaultStatus": "affected",
"product": "Red Hat AMQ Broker 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:podman_desktop:1"
],
"defaultStatus": "affected",
"product": "Red Hat Build of Podman Desktop",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "affected",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
],
"defaultStatus": "affected",
"product": "Red Hat Openshift Data Foundation 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_portal:2"
],
"defaultStatus": "affected",
"product": "Self-service automation portal 2",
"vendor": "Red Hat"
}
],
"datePublic": "2026-06-17T16:05:38.785Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion, resulting in a denial of service (DoS) for affected applications using the undici WebSocket client or WebSocketStream API."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T12:09:31.221Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-12151"
},
{
"name": "RHBZ#2489980",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489980"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12151.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:35842"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:35892"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34342"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36754"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:35842: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:35841: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:35892: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:35891: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:34342: Cluster Observability Operator 1.5.0"
},
{
"lang": "en",
"value": "RHSA-2026:36754: Red Hat Developer Hub 1.10"
},
{
"lang": "en",
"value": "RHSA-2026:36820: Red Hat OpenShift Dev Spaces 3.29"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-17T17:01:45.297Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-06-17T16:05:38.785Z",
"value": "Made public."
}
],
"title": "undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/undici",
"product": "undici",
"vendor": "undici",
"versions": [
{
"lessThan": "6.26.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "6.26.0",
"versionType": "semver"
},
{
"lessThan": "7.28.0",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "7.28.0",
"versionType": "semver"
},
{
"lessThan": "8.5.0",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "8.5.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "lpinca"
},
{
"lang": "en",
"type": "finder",
"value": "Nadav0077"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "UlisesGascon"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Impact:\nThe undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size validation, collectively causing unbounded memory growth in the client process. The result is memory exhaustion and a denial of service.\n\nAffected applications are those using the undici WebSocket client (new WebSocket(...)) or the WebSocketStream API that can be induced to connect to an attacker-controlled or compromised WebSocket endpoint.\n\nAll releases starting at undici 6.17.0 are affected.\n\nPatches:\u0026nbsp;Upgrade to undici \u0026gt;= 6.26.0, \u0026gt;= 7.28.0, or \u0026gt;= 8.5.0.\u0026nbsp;Workarounds:\nNo workaround is available. The fix must be applied through an upgrade."
}
],
"value": "Impact:\nThe undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size validation, collectively causing unbounded memory growth in the client process. The result is memory exhaustion and a denial of service.\n\nAffected applications are those using the undici WebSocket client (new WebSocket(...)) or the WebSocketStream API that can be induced to connect to an attacker-controlled or compromised WebSocket endpoint.\n\nAll releases starting at undici 6.17.0 are affected.\n\nPatches:\u00a0Upgrade to undici \u003e= 6.26.0, \u003e= 7.28.0, or \u003e= 8.5.0.\u00a0Workarounds:\nNo workaround is available. The fix must be applied through an upgrade."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T16:05:38.785Z",
"orgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
"shortName": "openjs"
},
"references": [
{
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q"
},
{
"url": "https://cna.openjsf.org/security-advisories.html"
}
],
"title": "undici WebSocket client vulnerable to denial of service via fragment count bypass",
"x_generator": {
"engine": "cve-kit 1.0.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
"assignerShortName": "openjs",
"cveId": "CVE-2026-12151",
"datePublished": "2026-06-17T16:05:38.785Z",
"dateReserved": "2026-06-12T18:14:04.454Z",
"dateUpdated": "2026-07-09T12:09:31.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-12151",
"date": "2026-07-09",
"epss": "0.00759",
"percentile": "0.50881"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-12151\",\"sourceIdentifier\":\"ce714d77-add3-4f53-aff5-83d477b104bb\",\"published\":\"2026-06-17T17:16:42.370\",\"lastModified\":\"2026-07-09T13:16:47.673\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Impact:\\nThe undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size validation, collectively causing unbounded memory growth in the client process. The result is memory exhaustion and a denial of service.\\n\\nAffected applications are those using the undici WebSocket client (new WebSocket(...)) or the WebSocketStream API that can be induced to connect to an attacker-controlled or compromised WebSocket endpoint.\\n\\nAll releases starting at undici 6.17.0 are affected.\\n\\nPatches:\u00a0Upgrade to undici \u003e= 6.26.0, \u003e= 7.28.0, or \u003e= 8.5.0.\u00a0Workarounds:\\nNo workaround is available. The fix must be applied through an upgrade.\"}],\"affected\":[{\"source\":\"ce714d77-add3-4f53-aff5-83d477b104bb\",\"affectedData\":[{\"vendor\":\"undici\",\"product\":\"undici\",\"defaultStatus\":\"unaffected\",\"packageURL\":\"pkg:npm/undici\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"6.26.0\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"6.26.0\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"7.0.0\",\"lessThan\":\"7.28.0\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"7.28.0\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"8.0.0\",\"lessThan\":\"8.5.0\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"8.5.0\",\"versionType\":\"semver\",\"status\":\"unaffected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Cluster Observability Operator 1.5.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:cluster_observability_operator:1.5::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Developer Hub 1.10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhdh:1.10::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Dev Spaces 3.29\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_devspaces:3.29::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Cryostat 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:cryostat:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Pipelines\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_pipelines:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat AMQ Broker 7\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:amq_broker:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Build of Podman Desktop\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:podman_desktop:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Hardened Images\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:hummingbird:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI (RHOAI)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_ai\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Openshift Data Foundation 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_data_foundation:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Dev Spaces\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_devspaces:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Self-service automation portal 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_portal:2\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ce714d77-add3-4f53-aff5-83d477b104bb\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-06-17T17:29:57.305732Z\",\"id\":\"CVE-2026-12151\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"ce714d77-add3-4f53-aff5-83d477b104bb\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"},{\"lang\":\"en\",\"value\":\"CWE-770\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"6.17.0\",\"versionEndExcluding\":\"6.27.0\",\"matchCriteriaId\":\"7DA00D4B-2ABC-49EC-A803-82DAC769A362\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.28.0\",\"matchCriteriaId\":\"0C34D757-BB16-4E28-95D8-7D3FAC851B69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.5.0\",\"matchCriteriaId\":\"37F3655C-C7AE-4B13-A5EB-6FE0A9566124\"}]}]}],\"references\":[{\"url\":\"https://cna.openjsf.org/security-advisories.html\",\"source\":\"ce714d77-add3-4f53-aff5-83d477b104bb\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q\",\"source\":\"ce714d77-add3-4f53-aff5-83d477b104bb\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34342\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:35841\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:35842\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:35891\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:35892\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36754\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36820\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-12151\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2489980\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12151.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 10)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 9)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:cluster_observability_operator:1.5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Cluster Observability Operator 1.5.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhdh:1.10::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Developer Hub 1.10\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_devspaces:3.29::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Dev Spaces 3.29\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:cryostat:4\"], \"vendor\": \"Red Hat\", \"product\": \"Cryostat 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_pipelines:1\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Pipelines\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:amq_broker:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat AMQ Broker 7\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:podman_desktop:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Build of Podman Desktop\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:hummingbird:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Hardened Images\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_ai\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI (RHOAI)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_data_foundation:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Openshift Data Foundation 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_devspaces:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Dev Spaces\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_portal:2\"], \"vendor\": \"Red Hat\", \"product\": \"Self-service automation portal 2\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-06-17T17:01:45.297Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-06-17T16:05:38.785Z\", \"value\": \"Made public.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"RHSA-2026:35842: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:35841: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:35892: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:35891: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:34342: Cluster Observability Operator 1.5.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:36754: Red Hat Developer Hub 1.10\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:36820: Red Hat OpenShift Dev Spaces 3.29\"}], \"x_adpType\": \"supplier\", \"datePublic\": \"2026-06-17T16:05:38.785Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2026-12151\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2489980\", \"name\": \"RHBZ#2489980\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12151.json\", \"tags\": [\"x_sadp-csaf-vex\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:35842\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:35841\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:35892\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:35891\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34342\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:36754\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:36820\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\"}], \"x_generator\": {\"engine\": \"sadp-cli 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion, resulting in a denial of service (DoS) for affected applications using the undici WebSocket client or WebSocketStream API.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\", \"shortName\": \"redhat-SADP\", \"dateUpdated\": \"2026-07-09T12:09:31.221Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-12151\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-17T17:29:57.305732Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-17T17:30:10.410Z\"}}], \"cna\": {\"title\": \"undici WebSocket client vulnerable to denial of service via fragment count bypass\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"lpinca\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Nadav0077\"}, {\"lang\": \"en\", \"type\": \"remediation reviewer\", \"value\": \"UlisesGascon\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"undici\", \"product\": \"undici\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"6.26.0\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"6.26.0\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"lessThan\": \"7.28.0\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"7.28.0\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"8.0.0\", \"lessThan\": \"8.5.0\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"8.5.0\", \"versionType\": \"semver\"}], \"packageURL\": \"pkg:npm/undici\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q\"}, {\"url\": \"https://cna.openjsf.org/security-advisories.html\"}], \"x_generator\": {\"engine\": \"cve-kit 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Impact:\\nThe undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size validation, collectively causing unbounded memory growth in the client process. The result is memory exhaustion and a denial of service.\\n\\nAffected applications are those using the undici WebSocket client (new WebSocket(...)) or the WebSocketStream API that can be induced to connect to an attacker-controlled or compromised WebSocket endpoint.\\n\\nAll releases starting at undici 6.17.0 are affected.\\n\\nPatches:\\u00a0Upgrade to undici \u003e= 6.26.0, \u003e= 7.28.0, or \u003e= 8.5.0.\\u00a0Workarounds:\\nNo workaround is available. The fix must be applied through an upgrade.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Impact:\\nThe undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size validation, collectively causing unbounded memory growth in the client process. The result is memory exhaustion and a denial of service.\\n\\nAffected applications are those using the undici WebSocket client (new WebSocket(...)) or the WebSocketStream API that can be induced to connect to an attacker-controlled or compromised WebSocket endpoint.\\n\\nAll releases starting at undici 6.17.0 are affected.\\n\\nPatches:\u0026nbsp;Upgrade to undici \u0026gt;= 6.26.0, \u0026gt;= 7.28.0, or \u0026gt;= 8.5.0.\u0026nbsp;Workarounds:\\nNo workaround is available. The fix must be applied through an upgrade.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400: Uncontrolled Resource Consumption\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770: Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"ce714d77-add3-4f53-aff5-83d477b104bb\", \"shortName\": \"openjs\", \"dateUpdated\": \"2026-06-17T16:05:38.785Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-12151\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-09T12:09:31.221Z\", \"dateReserved\": \"2026-06-12T18:14:04.454Z\", \"assignerOrgId\": \"ce714d77-add3-4f53-aff5-83d477b104bb\", \"datePublished\": \"2026-06-17T16:05:38.785Z\", \"assignerShortName\": \"openjs\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:35891
Vulnerability from csaf_redhat - Published: 2026-07-06 14:47 - Updated: 2026-07-08 23:16A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket. Consequently, when the client dispatches a new request on that socket, it may associate the injected response with the new request, leading to responses being delivered to unintended recipients or requests. This could result in a low impact on data integrity.
CWE-940 - Improper Verification of Source of a Communication Channel| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from unintended origins may be trusted, and secure HTTPS connections could be silently downgraded to unencrypted HTTP, resulting in information disclosure and data integrity issues.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from the cache, leading to information disclosure. This occurs when both authenticated and unauthenticated requests resolve to the same cache key.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. When undici's ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier (URI), it silently ignores Transport Layer Security (TLS) options, such as custom Certificate Authorities (CAs). This allows a remote attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and tampering with HTTPS communications. The connection falls back to Node.js's default trust store, bypassing intended security configurations and potentially leading to information disclosure or arbitrary code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. When undici processes Set-Cookie headers, it incorrectly interprets the SameSite attribute, accepting partial matches instead of exact ones. This allows a malicious server to downgrade a cookie's SameSite policy to a less secure setting, potentially leading to unintended information disclosure or a weakening of security protections for the user.
CWE-1286 - Improper Validation of Syntactic Correctness of Input| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion, resulting in a denial of service (DoS) for affected applications using the undici WebSocket client or WebSocketStream API.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user's browser.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs, diagnostics, or other error-consuming mechanisms.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS (Transport Layer Security) hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security boundaries, potentially leading to unauthorized access and confidentiality impact.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. A malicious server can exploit the HTTP/2 client by sending an unlimited number of ORIGIN frames. This can lead to an Out of Memory error on the client, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS (mutual Transport Layer Security) setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive information or integrity compromise within the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. This vulnerability in the TLS (Transport Layer Security) hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the `subtle.encrypt()` function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security (TLS) host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integrity compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system.
CWE-279 - Incorrect Execution-Assigned Permissions| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:24 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input (CVE-2026-42338)\n\n* undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames (CVE-2026-12151)\n\n* undici: Undici: Information disclosure due to improper cache-control header parsing (CVE-2026-9678)\n\n* undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery. (CVE-2026-6733)\n\n* undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header (CVE-2026-11525)\n\n* undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy (CVE-2026-9697)\n\n* undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing (CVE-2026-6734)\n\n* nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames (CVE-2026-48619)\n\n* nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling (CVE-2026-48930)\n\n* nodejs: Node.js: Unauthorized file metadata modification (CVE-2026-48935)\n\n* nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt() (CVE-2026-48933)\n\n* nodejs: Node.js: Certification validation bypass in TLS host verification (CVE-2026-48934)\n\n* Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency (CVE-2026-48928)\n\n* nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling (CVE-2026-48615)\n\n* nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch (CVE-2026-48618)\n\nBug Fix(es) and Enhancement(s):\n\n* nodejs:24/nodejs: Rebase to the latest Node.js 24 release [rhel-9.8.z] (JIRA:RHEL-186580)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:35891",
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2476810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476810"
},
{
"category": "external",
"summary": "2489980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489980"
},
{
"category": "external",
"summary": "2490000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490000"
},
{
"category": "external",
"summary": "2490006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490006"
},
{
"category": "external",
"summary": "2490008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490008"
},
{
"category": "external",
"summary": "2490018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490018"
},
{
"category": "external",
"summary": "2490024",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490024"
},
{
"category": "external",
"summary": "2493325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493325"
},
{
"category": "external",
"summary": "2493326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493326"
},
{
"category": "external",
"summary": "2493329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493329"
},
{
"category": "external",
"summary": "2493331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493331"
},
{
"category": "external",
"summary": "2493332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493332"
},
{
"category": "external",
"summary": "2493333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493333"
},
{
"category": "external",
"summary": "2493335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493335"
},
{
"category": "external",
"summary": "2493337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493337"
},
{
"category": "external",
"summary": "RHEL-186580",
"url": "https://issues.redhat.com/browse/RHEL-186580"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_35891.json"
}
],
"title": "Red Hat Security Advisory: nodejs:24 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2026-07-08T23:16:01+00:00",
"generator": {
"date": "2026-07-08T23:16:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:35891",
"initial_release_date": "2026-07-06T14:47:52+00:00",
"revision_history": [
{
"date": "2026-07-06T14:47:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-06T14:47:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-08T23:16:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"product": {
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src (nodejs:24)",
"product_id": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=src\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"product": {
"name": "nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src (nodejs:24)",
"product_id": "nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.3-3.module%2Bel9.8.0%2B24355%2B35d95b59?arch=src\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"product": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src (nodejs:24)",
"product_id": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-6.module%2Bel9.8.0%2B24355%2B35d95b59?arch=src\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"product": {
"name": "nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch (nodejs:24)",
"product_id": "nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"product": {
"name": "nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch (nodejs:24)",
"product_id": "nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.3-3.module%2Bel9.8.0%2B24355%2B35d95b59?arch=noarch\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"product": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch (nodejs:24)",
"product_id": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-6.module%2Bel9.8.0%2B24355%2B35d95b59?arch=noarch\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch (nodejs:24)",
"product_id": "nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-6.module%2Bel9.8.0%2B24355%2B35d95b59?arch=noarch\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"product": {
"name": "npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch (nodejs:24)",
"product_id": "npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@11.16.0-1.24.18.0.1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product": {
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24)",
"product_id": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product": {
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24)",
"product_id": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product": {
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24)",
"product_id": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product": {
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24)",
"product_id": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product": {
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24)",
"product_id": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product": {
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24)",
"product_id": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product": {
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24)",
"product_id": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24)",
"product_id": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-13.6-devel@13.6.233.17-1.24.18.0.1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=aarch64\u0026epoch=3\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product": {
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24)",
"product_id": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product": {
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24)",
"product_id": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product": {
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24)",
"product_id": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product": {
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24)",
"product_id": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product": {
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24)",
"product_id": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product": {
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24)",
"product_id": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product": {
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24)",
"product_id": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24)",
"product_id": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-13.6-devel@13.6.233.17-1.24.18.0.1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=ppc64le\u0026epoch=3\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product": {
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24)",
"product_id": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product": {
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24)",
"product_id": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product": {
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24)",
"product_id": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product": {
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24)",
"product_id": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product": {
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24)",
"product_id": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product": {
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24)",
"product_id": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product": {
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24)",
"product_id": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24)",
"product_id": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-13.6-devel@13.6.233.17-1.24.18.0.1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=s390x\u0026epoch=3\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product": {
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24)",
"product_id": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product": {
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24)",
"product_id": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product": {
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24)",
"product_id": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product": {
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24)",
"product_id": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product": {
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24)",
"product_id": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product": {
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24)",
"product_id": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product": {
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24)",
"product_id": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24)",
"product_id": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-13.6-devel@13.6.233.17-1.24.18.0.1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=x86_64\u0026epoch=3\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24"
},
"product_reference": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24"
},
"product_reference": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24"
},
"product_reference": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24"
},
"product_reference": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
},
"product_reference": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24"
},
"product_reference": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24"
},
"product_reference": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24"
},
"product_reference": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
},
"product_reference": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24"
},
"product_reference": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24"
},
"product_reference": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24"
},
"product_reference": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
},
"product_reference": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24"
},
"product_reference": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24"
},
"product_reference": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24"
},
"product_reference": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
},
"product_reference": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24"
},
"product_reference": "nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24"
},
"product_reference": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24"
},
"product_reference": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24"
},
"product_reference": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
},
"product_reference": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24"
},
"product_reference": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24"
},
"product_reference": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24"
},
"product_reference": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
},
"product_reference": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24"
},
"product_reference": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24"
},
"product_reference": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24"
},
"product_reference": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
},
"product_reference": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24"
},
"product_reference": "nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24"
},
"product_reference": "nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24"
},
"product_reference": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24"
},
"product_reference": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24"
},
"product_reference": "npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24"
},
"product_reference": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24"
},
"product_reference": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24"
},
"product_reference": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
},
"product_reference": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-6733",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2026-06-17T19:02:16.713859+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici\u0027s HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket. Consequently, when the client dispatches a new request on that socket, it may associate the injected response with the new request, leading to responses being delivered to unintended recipients or requests. This could result in a low impact on data integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Low: A flaw in Undici\u0027s HTTP/1.1 client, as used in various Red Hat products, allows an attacker-controlled upstream server to inject unsolicited responses onto reused keep-alive sockets. This can lead to incorrect response delivery, potentially impacting data integrity, but requires a compromised server and active keep-alive connections.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6733"
},
{
"category": "external",
"summary": "RHBZ#2490006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6733"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6733",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6733"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-35p6-xmwp-9g52",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-35p6-xmwp-9g52"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3582376",
"url": "https://hackerone.com/reports/3582376"
}
],
"release_date": "2026-06-17T17:14:50.991000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery."
},
{
"cve": "CVE-2026-6734",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2026-06-17T19:04:00.272340+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490024"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from unintended origins may be trusted, and secure HTTPS connections could be silently downgraded to unencrypted HTTP, resulting in information disclosure and data integrity issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as an Important security flaw. The `undici` library, when configured with `Socks5ProxyAgent` to handle requests for multiple origins, incorrectly reuses connection pools. This can lead to sensitive data and credentials being misrouted to unintended destinations, potentially downgrading HTTPS connections to HTTP and compromising data integrity and confidentiality. Red Hat products utilizing `undici` with `Socks5ProxyAgent` in multi-origin scenarios are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6734"
},
{
"category": "external",
"summary": "RHBZ#2490024",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490024"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6734",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6734"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-hm92-r4w5-c3mj",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-hm92-r4w5-c3mj"
}
],
"release_date": "2026-06-17T16:36:55.439000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "The single most impactful mitigation is applying network egress controls to restrict which external destinations affected applications can reach. Because the vulnerability causes requests to be misrouted to wrong origins, limiting the set of reachable origins directly reduces the attack surface. These controls collectively limit the blast radius of the connection pool misrouting \u2014 the attacker must compromise one of the explicitly allowed destinations rather than any arbitrary origin \u2014 but they do not fix the underlying logic bug.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing"
},
{
"cve": "CVE-2026-9678",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-06-17T19:01:33.359372+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490000"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from the cache, leading to information disclosure. This occurs when both authenticated and unauthenticated requests resolve to the same cache key.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Information disclosure due to improper cache-control header parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate information disclosure flaw in Undici\u0027s cache interceptor, when configured in shared-cache mode, allows an unauthenticated attacker to retrieve sensitive authenticated user data. This is due to incorrect parsing of Cache-Control headers containing whitespace-padded field names, leading to cached responses being served improperly. Red Hat products are affected if they explicitly enable shared-cache mode, forward Authorization headers, and process non-canonical Cache-Control directives.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9678"
},
{
"category": "external",
"summary": "RHBZ#2490000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9678",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9678"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9678",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9678"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-pr7r-676h-xcf6",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-pr7r-676h-xcf6"
}
],
"release_date": "2026-06-17T17:04:09.680000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici: Information disclosure due to improper cache-control header parsing"
},
{
"cve": "CVE-2026-9697",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-06-17T19:03:30.813843+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490018"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. When undici\u0027s ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier (URI), it silently ignores Transport Layer Security (TLS) options, such as custom Certificate Authorities (CAs). This allows a remote attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and tampering with HTTPS communications. The connection falls back to Node.js\u0027s default trust store, bypassing intended security configurations and potentially leading to information disclosure or arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important vulnerability. Applications using `undici`\u0027s `ProxyAgent` with a SOCKS5 proxy URI will silently ignore user-configured TLS options, including custom Certificate Authorities. This bypasses intended security controls for HTTPS communication, enabling a remote attacker to perform Man-in-the-Middle attacks, potentially leading to information disclosure or arbitrary code execution in affected Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9697"
},
{
"category": "external",
"summary": "RHBZ#2490018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490018"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9697",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9697"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9697",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9697"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g"
}
],
"release_date": "2026-06-17T16:46:42.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy"
},
{
"cve": "CVE-2026-11525",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-06-17T19:02:29.292011+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490008"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. When undici processes Set-Cookie headers, it incorrectly interprets the SameSite attribute, accepting partial matches instead of exact ones. This allows a malicious server to downgrade a cookie\u0027s SameSite policy to a less secure setting, potentially leading to unintended information disclosure or a weakening of security protections for the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Low impact flaw in undici, as used in various Red Hat products, arises from incorrect parsing of the `SameSite` cookie attribute. A malicious server could exploit this by sending a specially crafted `Set-Cookie` header, causing the `SameSite` policy to be downgraded to a less secure setting. This could lead to a minor weakening of security protections or unintended information disclosure in applications that process and rely on these cookie attributes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-11525"
},
{
"category": "external",
"summary": "RHBZ#2490008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490008"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-11525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-11525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11525"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-g8m3-5g58-fq7m",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-g8m3-5g58-fq7m"
}
],
"release_date": "2026-06-17T17:31:03.163000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header"
},
{
"cve": "CVE-2026-12151",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-17T17:01:45.297604+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2489980"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion, resulting in a denial of service (DoS) for affected applications using the undici WebSocket client or WebSocketStream API.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important denial of service flaw in the `undici` WebSocket client allows a remote attacker to cause unbounded memory growth. By sending numerous small or empty WebSocket frames, an unauthenticated attacker can exhaust system memory, leading to a denial of service in Red Hat products that use the affected client.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-12151"
},
{
"category": "external",
"summary": "RHBZ#2489980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-12151",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-12151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12151"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q"
}
],
"release_date": "2026-06-17T16:05:38.785000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames"
},
{
"cve": "CVE-2026-42338",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-05-12T21:01:14.436876+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2476810"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in the `ip-address` JavaScript library is rated as Important. It allows for cross-site scripting (XSS) when an application processes untrusted input through the `Address6` constructor and subsequently renders the unescaped output of methods like `Address6.group()`, `Address6.link()`, or `AddressError.parseMessage` directly as HTML. While the library itself is affected, exploitation is contingent on specific application-level rendering practices that may not be common in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "RHBZ#2476810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476810"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42338",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338"
},
{
"category": "external",
"summary": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g",
"url": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g"
}
],
"release_date": "2026-05-12T19:43:16.470000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input"
},
{
"cve": "CVE-2026-48615",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2026-06-26T02:01:59.112093+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs, diagnostics, or other error-consuming mechanisms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48615"
},
{
"category": "external",
"summary": "RHBZ#2493335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48615",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48615"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48615",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48615"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling"
},
{
"cve": "CVE-2026-48618",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-26T02:02:10.741725+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493337"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS (Transport Layer Security) hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security boundaries, potentially leading to unauthorized access and confidentiality impact.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Node.js allows for a TLS wildcard-depth authentication bypass due to a mismatch in how hostnames and unicode dot separators are handled during authentication. This could enable an attacker to circumvent security boundaries, potentially leading to unauthorized access and compromise of sensitive information in applications utilizing Node.js for TLS connections. The issue affects Node.js versions 22, 24, and 26 as shipped in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48618"
},
{
"category": "external",
"summary": "RHBZ#2493337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493337"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48618",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48618"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48618",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48618"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.868000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch"
},
{
"cve": "CVE-2026-48619",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-26T02:01:06.466413+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493325"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. A malicious server can exploit the HTTP/2 client by sending an unlimited number of ORIGIN frames. This can lead to an Out of Memory error on the client, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate flaw in the Node.js HTTP/2 client can lead to a denial of service. A malicious server could exploit this by sending an excessive number of ORIGIN frames, causing the client to consume all available memory. This affects Red Hat products utilizing Node.js as an HTTP/2 client.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48619"
},
{
"category": "external",
"summary": "RHBZ#2493325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493325"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48619",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48619"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48619",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48619"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.541000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames"
},
{
"cve": "CVE-2026-48928",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-26T02:01:48.441706+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS (mutual Transport Layer Security) setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive information or integrity compromise within the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48928"
},
{
"category": "external",
"summary": "RHBZ#2493333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48928",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48928"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48928",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48928"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.981000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency"
},
{
"cve": "CVE-2026-48930",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"discovery_date": "2026-06-26T02:01:11.476251+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493326"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. This vulnerability in the TLS (Transport Layer Security) hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48930"
},
{
"category": "external",
"summary": "RHBZ#2493326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493326"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48930",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48930"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48930",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48930"
},
{
"category": "external",
"summary": "https://github.com/nodejs/node/commit/7dafafa2424710ded8b77eb7c878e884c1aef64e",
"url": "https://github.com/nodejs/node/commit/7dafafa2424710ded8b77eb7c878e884c1aef64e"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3656716",
"url": "https://hackerone.com/reports/3656716"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:37.006000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling"
},
{
"cve": "CVE-2026-48933",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-26T02:01:39.107538+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493331"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the `subtle.encrypt()` function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in Node.js WebCrypto, as a remote attacker can crash the Node.js process by providing a specially crafted large input to the `subtle.encrypt()` function. This could lead to service unavailability in Red Hat environments where Node.js applications process untrusted data with WebCrypto.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48933"
},
{
"category": "external",
"summary": "RHBZ#2493331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493331"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48933"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48933",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48933"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.823000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()"
},
{
"cve": "CVE-2026-48934",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-06-26T02:01:43.284771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493332"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security (TLS) host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integrity compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Certification validation bypass in TLS host verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48934"
},
{
"category": "external",
"summary": "RHBZ#2493332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48934",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48934"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48934",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48934"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.894000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Certification validation bypass in TLS host verification"
},
{
"cve": "CVE-2026-48935",
"cwe": {
"id": "CWE-279",
"name": "Incorrect Execution-Assigned Permissions"
},
"discovery_date": "2026-06-26T02:01:29.191932+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493329"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Unauthorized file metadata modification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48935"
},
{
"category": "external",
"summary": "RHBZ#2493329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493329"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48935",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48935"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48935",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48935"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.641000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs: Node.js: Unauthorized file metadata modification"
}
]
}
RHSA-2026:35892
Vulnerability from csaf_redhat - Published: 2026-07-06 15:07 - Updated: 2026-07-08 23:16A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket. Consequently, when the client dispatches a new request on that socket, it may associate the injected response with the new request, leading to responses being delivered to unintended recipients or requests. This could result in a low impact on data integrity.
CWE-940 - Improper Verification of Source of a Communication Channel| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from the cache, leading to information disclosure. This occurs when both authenticated and unauthenticated requests resolve to the same cache key.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. When undici processes Set-Cookie headers, it incorrectly interprets the SameSite attribute, accepting partial matches instead of exact ones. This allows a malicious server to downgrade a cookie's SameSite policy to a less secure setting, potentially leading to unintended information disclosure or a weakening of security protections for the user.
CWE-1286 - Improper Validation of Syntactic Correctness of Input| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion, resulting in a denial of service (DoS) for affected applications using the undici WebSocket client or WebSocketStream API.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user's browser.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs, diagnostics, or other error-consuming mechanisms.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS (Transport Layer Security) hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security boundaries, potentially leading to unauthorized access and confidentiality impact.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. A malicious server can exploit the HTTP/2 client by sending an unlimited number of ORIGIN frames. This can lead to an Out of Memory error on the client, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS (mutual Transport Layer Security) setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive information or integrity compromise within the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. This vulnerability in the TLS (Transport Layer Security) hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the `subtle.encrypt()` function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security (TLS) host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integrity compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system.
CWE-279 - Incorrect Execution-Assigned Permissions| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input (CVE-2026-42338)\n\n* undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames (CVE-2026-12151)\n\n* undici: Undici: Information disclosure due to improper cache-control header parsing (CVE-2026-9678)\n\n* undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery. (CVE-2026-6733)\n\n* undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header (CVE-2026-11525)\n\n* nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames (CVE-2026-48619)\n\n* nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling (CVE-2026-48930)\n\n* nodejs: Node.js: Unauthorized file metadata modification (CVE-2026-48935)\n\n* nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt() (CVE-2026-48933)\n\n* nodejs: Node.js: Certification validation bypass in TLS host verification (CVE-2026-48934)\n\n* Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency (CVE-2026-48928)\n\n* nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling (CVE-2026-48615)\n\n* nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch (CVE-2026-48618)\n\nBug Fix(es) and Enhancement(s):\n\n* nodejs:22/nodejs: Rebase to the latest Node.js 22 release [rhel-9.8.z] (JIRA:RHEL-186622)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:35892",
"url": "https://access.redhat.com/errata/RHSA-2026:35892"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2476810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476810"
},
{
"category": "external",
"summary": "2489980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489980"
},
{
"category": "external",
"summary": "2490000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490000"
},
{
"category": "external",
"summary": "2490006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490006"
},
{
"category": "external",
"summary": "2490008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490008"
},
{
"category": "external",
"summary": "2493325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493325"
},
{
"category": "external",
"summary": "2493326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493326"
},
{
"category": "external",
"summary": "2493329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493329"
},
{
"category": "external",
"summary": "2493331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493331"
},
{
"category": "external",
"summary": "2493332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493332"
},
{
"category": "external",
"summary": "2493333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493333"
},
{
"category": "external",
"summary": "2493335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493335"
},
{
"category": "external",
"summary": "2493337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493337"
},
{
"category": "external",
"summary": "RHEL-186622",
"url": "https://issues.redhat.com/browse/RHEL-186622"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_35892.json"
}
],
"title": "Red Hat Security Advisory: nodejs:22 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2026-07-08T23:16:04+00:00",
"generator": {
"date": "2026-07-08T23:16:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:35892",
"initial_release_date": "2026-07-06T15:07:52+00:00",
"revision_history": [
{
"date": "2026-07-06T15:07:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-06T15:07:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-08T23:16:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"product": {
"name": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src (nodejs:22)",
"product_id": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=src\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src (nodejs:22)",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.8.0%2B24156%2Bbb41d456?arch=src\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"product": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src (nodejs:22)",
"product_id": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-6.module%2Bel9.8.0%2B24156%2Bbb41d456?arch=src\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"product": {
"name": "nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch (nodejs:22)",
"product_id": "nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch (nodejs:22)",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.8.0%2B24156%2Bbb41d456?arch=noarch\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"product": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch (nodejs:22)",
"product_id": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-6.module%2Bel9.8.0%2B24156%2Bbb41d456?arch=noarch\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch (nodejs:22)",
"product_id": "nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-6.module%2Bel9.8.0%2B24156%2Bbb41d456?arch=noarch\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product": {
"name": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22)",
"product_id": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product": {
"name": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22)",
"product_id": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product": {
"name": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22)",
"product_id": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product": {
"name": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22)",
"product_id": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product": {
"name": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22)",
"product_id": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product": {
"name": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22)",
"product_id": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product": {
"name": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22)",
"product_id": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product": {
"name": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22)",
"product_id": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.8-1.22.23.1.1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22)",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.23.1.1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=aarch64\u0026epoch=3\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product": {
"name": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22)",
"product_id": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product": {
"name": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22)",
"product_id": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product": {
"name": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22)",
"product_id": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product": {
"name": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22)",
"product_id": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product": {
"name": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22)",
"product_id": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product": {
"name": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22)",
"product_id": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product": {
"name": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22)",
"product_id": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product": {
"name": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22)",
"product_id": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.8-1.22.23.1.1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22)",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.23.1.1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=ppc64le\u0026epoch=3\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product": {
"name": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22)",
"product_id": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product": {
"name": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22)",
"product_id": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product": {
"name": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22)",
"product_id": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product": {
"name": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22)",
"product_id": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product": {
"name": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22)",
"product_id": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product": {
"name": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22)",
"product_id": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product": {
"name": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22)",
"product_id": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product": {
"name": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22)",
"product_id": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.8-1.22.23.1.1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22)",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.23.1.1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=s390x\u0026epoch=3\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product": {
"name": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22)",
"product_id": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product": {
"name": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22)",
"product_id": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product": {
"name": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22)",
"product_id": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product": {
"name": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22)",
"product_id": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product": {
"name": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22)",
"product_id": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product": {
"name": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22)",
"product_id": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product": {
"name": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22)",
"product_id": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.23.1-1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product": {
"name": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22)",
"product_id": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.8-1.22.23.1.1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22)",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.23.1.1.module%2Bel9.8.0%2B24457%2B996af7aa?arch=x86_64\u0026epoch=3\u0026rpmmod=nodejs:22:9080020260626075442:rhel9"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22"
},
"product_reference": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22"
},
"product_reference": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22"
},
"product_reference": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22"
},
"product_reference": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
},
"product_reference": "nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22"
},
"product_reference": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22"
},
"product_reference": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22"
},
"product_reference": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
},
"product_reference": "nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22"
},
"product_reference": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22"
},
"product_reference": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22"
},
"product_reference": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
},
"product_reference": "nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22"
},
"product_reference": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22"
},
"product_reference": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22"
},
"product_reference": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
},
"product_reference": "nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22"
},
"product_reference": "nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22"
},
"product_reference": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22"
},
"product_reference": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22"
},
"product_reference": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
},
"product_reference": "nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22"
},
"product_reference": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22"
},
"product_reference": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22"
},
"product_reference": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
},
"product_reference": "nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22"
},
"product_reference": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22"
},
"product_reference": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22"
},
"product_reference": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
},
"product_reference": "nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22"
},
"product_reference": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22"
},
"product_reference": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22"
},
"product_reference": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22"
},
"product_reference": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22"
},
"product_reference": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
},
"product_reference": "npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-6733",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2026-06-17T19:02:16.713859+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici\u0027s HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket. Consequently, when the client dispatches a new request on that socket, it may associate the injected response with the new request, leading to responses being delivered to unintended recipients or requests. This could result in a low impact on data integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Low: A flaw in Undici\u0027s HTTP/1.1 client, as used in various Red Hat products, allows an attacker-controlled upstream server to inject unsolicited responses onto reused keep-alive sockets. This can lead to incorrect response delivery, potentially impacting data integrity, but requires a compromised server and active keep-alive connections.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6733"
},
{
"category": "external",
"summary": "RHBZ#2490006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6733"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6733",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6733"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-35p6-xmwp-9g52",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-35p6-xmwp-9g52"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3582376",
"url": "https://hackerone.com/reports/3582376"
}
],
"release_date": "2026-06-17T17:14:50.991000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T15:07:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35892"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery."
},
{
"cve": "CVE-2026-9678",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-06-17T19:01:33.359372+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490000"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from the cache, leading to information disclosure. This occurs when both authenticated and unauthenticated requests resolve to the same cache key.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Information disclosure due to improper cache-control header parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate information disclosure flaw in Undici\u0027s cache interceptor, when configured in shared-cache mode, allows an unauthenticated attacker to retrieve sensitive authenticated user data. This is due to incorrect parsing of Cache-Control headers containing whitespace-padded field names, leading to cached responses being served improperly. Red Hat products are affected if they explicitly enable shared-cache mode, forward Authorization headers, and process non-canonical Cache-Control directives.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9678"
},
{
"category": "external",
"summary": "RHBZ#2490000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9678",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9678"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9678",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9678"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-pr7r-676h-xcf6",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-pr7r-676h-xcf6"
}
],
"release_date": "2026-06-17T17:04:09.680000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T15:07:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35892"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici: Information disclosure due to improper cache-control header parsing"
},
{
"cve": "CVE-2026-11525",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-06-17T19:02:29.292011+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490008"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. When undici processes Set-Cookie headers, it incorrectly interprets the SameSite attribute, accepting partial matches instead of exact ones. This allows a malicious server to downgrade a cookie\u0027s SameSite policy to a less secure setting, potentially leading to unintended information disclosure or a weakening of security protections for the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Low impact flaw in undici, as used in various Red Hat products, arises from incorrect parsing of the `SameSite` cookie attribute. A malicious server could exploit this by sending a specially crafted `Set-Cookie` header, causing the `SameSite` policy to be downgraded to a less secure setting. This could lead to a minor weakening of security protections or unintended information disclosure in applications that process and rely on these cookie attributes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-11525"
},
{
"category": "external",
"summary": "RHBZ#2490008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490008"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-11525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-11525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11525"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-g8m3-5g58-fq7m",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-g8m3-5g58-fq7m"
}
],
"release_date": "2026-06-17T17:31:03.163000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T15:07:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35892"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header"
},
{
"cve": "CVE-2026-12151",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-17T17:01:45.297604+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2489980"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion, resulting in a denial of service (DoS) for affected applications using the undici WebSocket client or WebSocketStream API.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important denial of service flaw in the `undici` WebSocket client allows a remote attacker to cause unbounded memory growth. By sending numerous small or empty WebSocket frames, an unauthenticated attacker can exhaust system memory, leading to a denial of service in Red Hat products that use the affected client.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-12151"
},
{
"category": "external",
"summary": "RHBZ#2489980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-12151",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-12151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12151"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q"
}
],
"release_date": "2026-06-17T16:05:38.785000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T15:07:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35892"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames"
},
{
"cve": "CVE-2026-42338",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-05-12T21:01:14.436876+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2476810"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in the `ip-address` JavaScript library is rated as Important. It allows for cross-site scripting (XSS) when an application processes untrusted input through the `Address6` constructor and subsequently renders the unescaped output of methods like `Address6.group()`, `Address6.link()`, or `AddressError.parseMessage` directly as HTML. While the library itself is affected, exploitation is contingent on specific application-level rendering practices that may not be common in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "RHBZ#2476810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476810"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42338",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338"
},
{
"category": "external",
"summary": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g",
"url": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g"
}
],
"release_date": "2026-05-12T19:43:16.470000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T15:07:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35892"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input"
},
{
"cve": "CVE-2026-48615",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2026-06-26T02:01:59.112093+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs, diagnostics, or other error-consuming mechanisms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48615"
},
{
"category": "external",
"summary": "RHBZ#2493335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48615",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48615"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48615",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48615"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T15:07:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35892"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling"
},
{
"cve": "CVE-2026-48618",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-26T02:02:10.741725+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493337"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS (Transport Layer Security) hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security boundaries, potentially leading to unauthorized access and confidentiality impact.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Node.js allows for a TLS wildcard-depth authentication bypass due to a mismatch in how hostnames and unicode dot separators are handled during authentication. This could enable an attacker to circumvent security boundaries, potentially leading to unauthorized access and compromise of sensitive information in applications utilizing Node.js for TLS connections. The issue affects Node.js versions 22, 24, and 26 as shipped in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48618"
},
{
"category": "external",
"summary": "RHBZ#2493337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493337"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48618",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48618"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48618",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48618"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.868000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T15:07:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35892"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch"
},
{
"cve": "CVE-2026-48619",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-26T02:01:06.466413+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493325"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. A malicious server can exploit the HTTP/2 client by sending an unlimited number of ORIGIN frames. This can lead to an Out of Memory error on the client, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate flaw in the Node.js HTTP/2 client can lead to a denial of service. A malicious server could exploit this by sending an excessive number of ORIGIN frames, causing the client to consume all available memory. This affects Red Hat products utilizing Node.js as an HTTP/2 client.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48619"
},
{
"category": "external",
"summary": "RHBZ#2493325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493325"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48619",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48619"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48619",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48619"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.541000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T15:07:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35892"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames"
},
{
"cve": "CVE-2026-48928",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-26T02:01:48.441706+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS (mutual Transport Layer Security) setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive information or integrity compromise within the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48928"
},
{
"category": "external",
"summary": "RHBZ#2493333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48928",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48928"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48928",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48928"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.981000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T15:07:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35892"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency"
},
{
"cve": "CVE-2026-48930",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"discovery_date": "2026-06-26T02:01:11.476251+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493326"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. This vulnerability in the TLS (Transport Layer Security) hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48930"
},
{
"category": "external",
"summary": "RHBZ#2493326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493326"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48930",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48930"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48930",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48930"
},
{
"category": "external",
"summary": "https://github.com/nodejs/node/commit/7dafafa2424710ded8b77eb7c878e884c1aef64e",
"url": "https://github.com/nodejs/node/commit/7dafafa2424710ded8b77eb7c878e884c1aef64e"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3656716",
"url": "https://hackerone.com/reports/3656716"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:37.006000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T15:07:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35892"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling"
},
{
"cve": "CVE-2026-48933",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-26T02:01:39.107538+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493331"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the `subtle.encrypt()` function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in Node.js WebCrypto, as a remote attacker can crash the Node.js process by providing a specially crafted large input to the `subtle.encrypt()` function. This could lead to service unavailability in Red Hat environments where Node.js applications process untrusted data with WebCrypto.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48933"
},
{
"category": "external",
"summary": "RHBZ#2493331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493331"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48933"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48933",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48933"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.823000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T15:07:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35892"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()"
},
{
"cve": "CVE-2026-48934",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-06-26T02:01:43.284771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493332"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security (TLS) host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integrity compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Certification validation bypass in TLS host verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48934"
},
{
"category": "external",
"summary": "RHBZ#2493332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48934",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48934"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48934",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48934"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.894000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T15:07:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35892"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Certification validation bypass in TLS host verification"
},
{
"cve": "CVE-2026-48935",
"cwe": {
"id": "CWE-279",
"name": "Incorrect Execution-Assigned Permissions"
},
"discovery_date": "2026-06-26T02:01:29.191932+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493329"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Unauthorized file metadata modification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48935"
},
{
"category": "external",
"summary": "RHBZ#2493329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493329"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48935",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48935"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48935",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48935"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.641000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T15:07:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35892"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.23.1-1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24156+bb41d456.src::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24156+bb41d456.noarch::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:10.9.8-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.aarch64::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.ppc64le::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.s390x::nodejs:22",
"AppStream-9.8.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.23.1.1.module+el9.8.0+24457+996af7aa.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs: Node.js: Unauthorized file metadata modification"
}
]
}
RHSA-2026:36754
Vulnerability from csaf_redhat - Published: 2026-07-08 13:07 - Updated: 2026-07-09 13:21A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier (URI) that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw separators, which can change the URI's intended authority. This issue allows applications that perform host allowlist checks, redirect validation, or outbound request routing to be steered to a different authority than specified, potentially bypassing security controls.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64 | — |
A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from unintended origins may be trusted, and secure HTTPS connections could be silently downgraded to unencrypted HTTP, resulting in information disclosure and data integrity issues.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64 | — |
Workaround
|
A flaw was found in the shell-quote component. The quote() function did not properly validate object-token inputs, allowing line terminators to pass unescaped into the output. A remote attacker could exploit this vulnerability by providing specially crafted input, which a POSIX shell would interpret as a command separator. This could lead to command injection, enabling the attacker to execute arbitrary code on the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64 | — |
A flaw was found in json-2-csv. An attacker can bypass the `preventCsvInjection` option to inject malicious formulas into CSV (Comma Separated Values) files. When these manipulated CSV files are opened in spreadsheet applications, the injected formulas can execute, potentially leading to arbitrary code execution or information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64 | — |
Workaround
|
A flaw was found in undici. When undici's ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier (URI), it silently ignores Transport Layer Security (TLS) options, such as custom Certificate Authorities (CAs). This allows a remote attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and tampering with HTTPS communications. The connection falls back to Node.js's default trust store, bypassing intended security configurations and potentially leading to information disclosure or arbitrary code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64 | — |
Workaround
|
A flaw was found in form-data, a library for creating readable multipart/form-data streams. A remote attacker can exploit this vulnerability by injecting carriage return (CR), line feed (LF), or double-quote (") characters into the `field` argument of `FormData#append` or the `filename` option. This allows the attacker to inject additional headers or smuggle entire additional multipart parts into requests, potentially enabling them to add or override form fields and compromise data integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64 | — |
Workaround
|
A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion, resulting in a denial of service (DoS) for affected applications using the undici WebSocket client or WebSocketStream API.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64 | — |
Workaround
|
A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. This vulnerability allows an attacker to escape the sandbox environment by exploiting the `inspect` function. Successful exploitation can lead to arbitrary code execution on the host system, compromising the integrity and confidentiality of the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64 | — |
A flaw was found in golang.org/x/net/html. When arbitrary HTML is parsed and then rendered, it can result in an unexpected HTML tree. This allows an attacker to bypass HTML sanitization mechanisms, leading to Cross-Site Scripting (XSS) attacks in applications. Such attacks can result in information disclosure or arbitrary code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64 | — |
Workaround
|
A flaw was found in the `net/mail` package of the Go programming language. An attacker could provide specially crafted inputs to the `ParseAddress`, `ParseAddressList`, or `ParseDate` functions. This could lead to excessive consumption of CPU and memory resources, resulting in a Denial of Service (DoS) for applications processing these inputs.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64 | — |
Workaround
|
A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user's browser.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64 | — |
Workaround
|
A flaw was found in the `net/mail` package within the Go standard library. A remote attacker could provide specially crafted, pathological email addresses. When these malformed email addresses are parsed by the `consumePhrase` function, it can lead to excessive resource consumption due to quadratic string concatenation, resulting in a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64 | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client, specifically in its Node.js HTTP adapter. When Axios is configured to use an authenticated proxy and follows a redirect, it may inadvertently send the Proxy-Authorization header, containing proxy credentials, to the redirect target. This can lead to the disclosure of sensitive proxy credentials to an unintended remote server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64 | — |
Workaround
|
A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final redirected origin. This can lead to the disclosure of sensitive proxy credentials to an unintended third party.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64 | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or receive oversized data bodies. This can lead to resource exhaustion in server-side applications, resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64 | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NO_PROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the IPv4-mapped IPv6 form of the address in a request URL. This allows the request to be routed through the proxy, potentially exposing internal services or sensitive information that should otherwise be inaccessible.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64 | — |
Workaround
|
A flaw was found in Axios. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to escalate any existing Object.prototype pollution in an application's dependency tree into a full Man-in-the-Middle (MITM) attack. This enables the attacker to intercept, read, and modify all HTTP traffic, including sensitive authentication credentials. The flaw occurs because the `config.proxy` setting is susceptible to prototype pollution, allowing an attacker to inject a malicious proxy server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64 | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. This vulnerability involves prototype pollution gadgets in the request configuration processing. If another vulnerability has already polluted the Object.prototype.transformResponse, affected Axios versions may incorrectly interpret this inherited value as part of the request configuration or as an option validator. Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64 | — |
Workaround
|
A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64 | — |
Workaround
|
A flaw was found in ws, an open source WebSocket client and server for Node.js. The `websocket.close()` implementation is vulnerable to uninitialized memory disclosure when a `TypedArray` is passed as the reason argument. This can lead to the disclosure of sensitive information from uninitialized memory.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64 | — |
A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. A remote attacker can exploit this vulnerability by combining specific Buffer function calls and Node.js's ERR_INVALID_ARG_TYPE error. This allows the attacker to obtain the host's TypeError constructor, leading to an escape from the sandbox. Consequently, this enables attackers to run arbitrary code on the host system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64 | — |
Workaround
|
A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. An attacker within the sandbox could exploit incomplete symbol interception and missing security checks to gain control over the host system. This could allow the attacker to execute arbitrary code outside the sandbox environment, leading to a complete compromise of the host.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64 | — |
Workaround
|
A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. A remote attacker could bypass a security check designed to prevent the combination of nested environments and disabled module loading. This bypass occurs because a strict equality check for the `require` option can be circumvented by simply omitting the option, leading to an unintended configuration. Successful exploitation of this vulnerability could allow an attacker to escape the sandbox and achieve arbitrary code execution on the host system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64 | — |
Workaround
|
A flaw was found in vm2, a Node.js sandbox. This vulnerability allows sandboxed code to bypass network restrictions by utilizing internal HTTP built-ins, such as _http_client and _http_server. An attacker can exploit this to make outbound HTTP requests or open listening HTTP sockets, even when public network modules are explicitly denied. This could lead to unauthorized information disclosure or further compromise of the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64 | — |
Workaround
|
A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. This vulnerability allows sandboxed code to bypass intended security restrictions by exploiting missing entries in the denylist for dangerous Node.js built-in functions, specifically `process` and `inspector/promises`. A remote attacker can leverage this to execute arbitrary code in the host process, leading to a complete compromise of the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64 | — |
Workaround
|
A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. Prior to version 3.11.4, NodeVM, a component of vm2, improperly exposed certain process-wide observability builtins, such as diagnostics_channel, async_hooks, and perf_hooks. These builtins, which are designed for monitoring and debugging, were not adequately blocked by the dangerous builtin denylist. This oversight allowed sandboxed code to observe sensitive host application data, leading to information disclosure across the vm2 security boundary.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64 | — |
Workaround
|
A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. This vulnerability allows an attacker to escape the sandbox environment by writing malicious code. Successful exploitation can lead to arbitrary code execution on the host system, compromising the integrity and confidentiality of the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64 | — |
Workaround
|
A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. This sandbox escape vulnerability allows an attacker to execute arbitrary code in the host process. This occurs when untrusted code is executed with asynchronous (async) support on runtimes that expose WebAssembly JavaScript Promise Integration (JSPI). Specifically, a JSPI-backed Promise can bypass expected Promise-species hardening, exposing a host-originated rejection object to attacker-controlled logic and breaking the sandbox boundary.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64 | — |
Workaround
|
A flaw was found in ws, an open source WebSocket client and server. A remote attacker can exploit this memory exhaustion vulnerability by sending a high volume of exceptionally small fragments and data chunks. This action forces the affected component to allocate and hold structural wrappers that consume excessive memory. Consequently, this leads to process termination and a denial of service (DoS) for the remote peer.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Developer Hub 1.10.2 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:36754",
"url": "https://access.redhat.com/errata/RHSA-2026:36754"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-12143",
"url": "https://access.redhat.com/security/cve/CVE-2026-12143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-12151",
"url": "https://access.redhat.com/security/cve/CVE-2026-12151"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24781",
"url": "https://access.redhat.com/security/cve/CVE-2026-24781"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27136",
"url": "https://access.redhat.com/security/cve/CVE-2026-27136"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39820",
"url": "https://access.redhat.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42338",
"url": "https://access.redhat.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42499",
"url": "https://access.redhat.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44486",
"url": "https://access.redhat.com/security/cve/CVE-2026-44486"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44487",
"url": "https://access.redhat.com/security/cve/CVE-2026-44487"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44488",
"url": "https://access.redhat.com/security/cve/CVE-2026-44488"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44492",
"url": "https://access.redhat.com/security/cve/CVE-2026-44492"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44494",
"url": "https://access.redhat.com/security/cve/CVE-2026-44494"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44495",
"url": "https://access.redhat.com/security/cve/CVE-2026-44495"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44496",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45736",
"url": "https://access.redhat.com/security/cve/CVE-2026-45736"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47131",
"url": "https://access.redhat.com/security/cve/CVE-2026-47131"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47135",
"url": "https://access.redhat.com/security/cve/CVE-2026-47135"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47137",
"url": "https://access.redhat.com/security/cve/CVE-2026-47137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47139",
"url": "https://access.redhat.com/security/cve/CVE-2026-47139"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47140",
"url": "https://access.redhat.com/security/cve/CVE-2026-47140"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47141",
"url": "https://access.redhat.com/security/cve/CVE-2026-47141"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47208",
"url": "https://access.redhat.com/security/cve/CVE-2026-47208"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47210",
"url": "https://access.redhat.com/security/cve/CVE-2026-47210"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48779",
"url": "https://access.redhat.com/security/cve/CVE-2026-48779"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-6322",
"url": "https://access.redhat.com/security/cve/CVE-2026-6322"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-6734",
"url": "https://access.redhat.com/security/cve/CVE-2026-6734"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9277",
"url": "https://access.redhat.com/security/cve/CVE-2026-9277"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9673",
"url": "https://access.redhat.com/security/cve/CVE-2026-9673"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9697",
"url": "https://access.redhat.com/security/cve/CVE-2026-9697"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh",
"url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh"
},
{
"category": "external",
"summary": "https://developers.redhat.com/rhdh/overview",
"url": "https://developers.redhat.com/rhdh/overview"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub",
"url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHDHBUGS-3286",
"url": "https://issues.redhat.com/browse/RHDHBUGS-3286"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHDHBUGS-3288",
"url": "https://issues.redhat.com/browse/RHDHBUGS-3288"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHDHBUGS-3290",
"url": "https://issues.redhat.com/browse/RHDHBUGS-3290"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHDHBUGS-3291",
"url": "https://issues.redhat.com/browse/RHDHBUGS-3291"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHDHBUGS-3293",
"url": "https://issues.redhat.com/browse/RHDHBUGS-3293"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHDHBUGS-3398",
"url": "https://issues.redhat.com/browse/RHDHBUGS-3398"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_36754.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Developer Hub 1.10.2 release.",
"tracking": {
"current_release_date": "2026-07-09T13:21:41+00:00",
"generator": {
"date": "2026-07-09T13:21:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:36754",
"initial_release_date": "2026-07-08T13:07:12+00:00",
"revision_history": [
{
"date": "2026-07-08T13:07:12+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-08T16:49:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-09T13:21:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Hub 1.10",
"product": {
"name": "Red Hat Developer Hub 1.10",
"product_id": "Red Hat Developer Hub 1.10",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhdh:1.10::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-hub-rhel9@sha256%3A61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-hub-rhel9\u0026tag=1783448184"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-must-gather-rhel9@sha256%3Aaacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-must-gather-rhel9\u0026tag=1783447888"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-rhel9-operator@sha256%3A0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-rhel9-operator\u0026tag=1783447707"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-operator-bundle@sha256%3Ad4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-operator-bundle\u0026tag=1783453583"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-rag-content-rhel9@sha256%3Abea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-rag-content-rhel9\u0026tag=1783446803"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64 as a component of Red Hat Developer Hub 1.10",
"product_id": "Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64 as a component of Red Hat Developer Hub 1.10",
"product_id": "Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64 as a component of Red Hat Developer Hub 1.10",
"product_id": "Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64 as a component of Red Hat Developer Hub 1.10",
"product_id": "Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64 as a component of Red Hat Developer Hub 1.10",
"product_id": "Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.10"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-6322",
"cwe": {
"id": "CWE-140",
"name": "Improper Neutralization of Delimiters"
},
"discovery_date": "2026-05-05T11:01:00.332189+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466684"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier (URI) that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw separators, which can change the URI\u0027s intended authority. This issue allows applications that perform host allowlist checks, redirect validation, or outbound request routing to be steered to a different authority than specified, potentially bypassing security controls.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fast-uri: fast-uri: URI authority bypass due to improper delimiter handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in the `fast-uri` library allows an attacker to bypass security controls in Red Hat products that process Uniform Resource Identifiers (URIs). By crafting a malicious URI with percent-encoded authority delimiters, an attacker can cause the library to incorrectly interpret the URI\u0027s authority, potentially redirecting applications to an unintended domain. This could lead to a bypass of host allowlist checks, redirect validation, or outbound request routing.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6322"
},
{
"category": "external",
"summary": "RHBZ#2466684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466684"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6322",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6322"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6322",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6322"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc",
"url": "https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc"
}
],
"release_date": "2026-05-05T10:29:16.378000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T13:07:12+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36754"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "fast-uri: fast-uri: URI authority bypass due to improper delimiter handling"
},
{
"cve": "CVE-2026-6734",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2026-06-17T19:04:00.272340+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490024"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from unintended origins may be trusted, and secure HTTPS connections could be silently downgraded to unencrypted HTTP, resulting in information disclosure and data integrity issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as an Important security flaw. The `undici` library, when configured with `Socks5ProxyAgent` to handle requests for multiple origins, incorrectly reuses connection pools. This can lead to sensitive data and credentials being misrouted to unintended destinations, potentially downgrading HTTPS connections to HTTP and compromising data integrity and confidentiality. Red Hat products utilizing `undici` with `Socks5ProxyAgent` in multi-origin scenarios are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6734"
},
{
"category": "external",
"summary": "RHBZ#2490024",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490024"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6734",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6734"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-hm92-r4w5-c3mj",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-hm92-r4w5-c3mj"
}
],
"release_date": "2026-06-17T16:36:55.439000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T13:07:12+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36754"
},
{
"category": "workaround",
"details": "The single most impactful mitigation is applying network egress controls to restrict which external destinations affected applications can reach. Because the vulnerability causes requests to be misrouted to wrong origins, limiting the set of reachable origins directly reduces the attack surface. These controls collectively limit the blast radius of the connection pool misrouting \u2014 the attacker must compromise one of the explicitly allowed destinations rather than any arbitrary origin \u2014 but they do not fix the underlying logic bug.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing"
},
{
"cve": "CVE-2026-9277",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-05-22T14:01:14.427751+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480741"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the shell-quote component. The quote() function did not properly validate object-token inputs, allowing line terminators to pass unescaped into the output. A remote attacker could exploit this vulnerability by providing specially crafted input, which a POSIX shell would interpret as a command separator. This could lead to command injection, enabling the attacker to execute arbitrary code on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9277"
},
{
"category": "external",
"summary": "RHBZ#2480741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9277",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9277"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9277",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9277"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote",
"url": "https://github.com/ljharb/shell-quote"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote/commit/1518179",
"url": "https://github.com/ljharb/shell-quote/commit/1518179"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote/security/advisories/GHSA-w7jw-789q-3m8p",
"url": "https://github.com/ljharb/shell-quote/security/advisories/GHSA-w7jw-789q-3m8p"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/shell-quote",
"url": "https://www.npmjs.com/package/shell-quote"
}
],
"release_date": "2026-05-22T13:22:38.873000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T13:07:12+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36754"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators"
},
{
"cve": "CVE-2026-9673",
"cwe": {
"id": "CWE-1236",
"name": "Improper Neutralization of Formula Elements in a CSV File"
},
"discovery_date": "2026-05-28T06:01:00.245616+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2482486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in json-2-csv. An attacker can bypass the `preventCsvInjection` option to inject malicious formulas into CSV (Comma Separated Values) files. When these manipulated CSV files are opened in spreadsheet applications, the injected formulas can execute, potentially leading to arbitrary code execution or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-2-csv: json-2-csv: CSV Injection vulnerability allows arbitrary code execution via `preventCsvInjection` bypass.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate vulnerability in `json-2-csv` allows for CSV Injection due to a bypass in the `preventCsvInjection` option. While exploitation requires a user to open a specially crafted CSV file in a spreadsheet application, successful attacks could lead to arbitrary code execution or information disclosure. This affects Red Hat Developer Hub and Red Hat Ansible Automation Platform when processing untrusted data that is subsequently exported to CSV and opened by a user.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9673"
},
{
"category": "external",
"summary": "RHBZ#2482486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9673",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9673"
},
{
"category": "external",
"summary": "https://gist.github.com/whoamins/299745a2d36b482b44e9613b78e40613",
"url": "https://gist.github.com/whoamins/299745a2d36b482b44e9613b78e40613"
},
{
"category": "external",
"summary": "https://github.com/mrodrig/json-2-csv/blob/main/src/json2csv.ts%23L410",
"url": "https://github.com/mrodrig/json-2-csv/blob/main/src/json2csv.ts%23L410"
},
{
"category": "external",
"summary": "https://github.com/mrodrig/json-2-csv/commit/0fdd0bb6d0273178cd940afc323ccbce19688229",
"url": "https://github.com/mrodrig/json-2-csv/commit/0fdd0bb6d0273178cd940afc323ccbce19688229"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSON2CSV-14221326",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSON2CSV-14221326"
}
],
"release_date": "2026-05-28T05:00:02.387000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T13:07:12+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "json-2-csv: json-2-csv: CSV Injection vulnerability allows arbitrary code execution via `preventCsvInjection` bypass."
},
{
"cve": "CVE-2026-9697",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-06-17T19:03:30.813843+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490018"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. When undici\u0027s ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier (URI), it silently ignores Transport Layer Security (TLS) options, such as custom Certificate Authorities (CAs). This allows a remote attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and tampering with HTTPS communications. The connection falls back to Node.js\u0027s default trust store, bypassing intended security configurations and potentially leading to information disclosure or arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important vulnerability. Applications using `undici`\u0027s `ProxyAgent` with a SOCKS5 proxy URI will silently ignore user-configured TLS options, including custom Certificate Authorities. This bypasses intended security controls for HTTPS communication, enabling a remote attacker to perform Man-in-the-Middle attacks, potentially leading to information disclosure or arbitrary code execution in affected Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9697"
},
{
"category": "external",
"summary": "RHBZ#2490018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490018"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9697",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9697"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9697",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9697"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g"
}
],
"release_date": "2026-06-17T16:46:42.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T13:07:12+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy"
},
{
"cve": "CVE-2026-12143",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-06-12T19:00:57.360953+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488480"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in form-data, a library for creating readable multipart/form-data streams. A remote attacker can exploit this vulnerability by injecting carriage return (CR), line feed (LF), or double-quote (\") characters into the `field` argument of `FormData#append` or the `filename` option. This allows the attacker to inject additional headers or smuggle entire additional multipart parts into requests, potentially enabling them to add or override form fields and compromise data integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "form-data: form-data: Form field override via CRLF injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important impact flaw in the form-data library: a remote attacker can inject arbitrary headers or additional multipart parts via CRLF injection in field names or filenames, potentially overriding sensitive form fields and affecting data integrity.\n\nFor RHOAI and RHEL AI, severity is Moderate because affected versions appear only as a transitive npm dependency in RHOAI (dashboard, mod-arch plugins, MLflow UI) and RHEL AI 3.4 bootc images, and those products use fixed field names for uploads rather than passing untrusted user input as multipart field names or filenames. The documented exploit path is therefore not reachable in default deployments. Practical impact is limited to non-default or custom integrations that forward multipart requests using attacker-controlled field names.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-12143"
},
{
"category": "external",
"summary": "RHBZ#2488480",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488480"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-12143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-12143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12143"
},
{
"category": "external",
"summary": "https://cwe.mitre.org/data/definitions/93.html",
"url": "https://cwe.mitre.org/data/definitions/93.html"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/commit/64190db548c0179e37206858e39f27cf513e9435",
"url": "https://github.com/form-data/form-data/commit/64190db548c0179e37206858e39f27cf513e9435"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/commit/be3f3cf553978bac15a5182f1f3c3d2d38ccf229",
"url": "https://github.com/form-data/form-data/commit/be3f3cf553978bac15a5182f1f3c3d2d38ccf229"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/commit/c7133499c2ee1b80c678e411244f4442bf902045",
"url": "https://github.com/form-data/form-data/commit/c7133499c2ee1b80c678e411244f4442bf902045"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/security/advisories/GHSA-hmw2-7cc7-3qxx",
"url": "https://github.com/form-data/form-data/security/advisories/GHSA-hmw2-7cc7-3qxx"
},
{
"category": "external",
"summary": "https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#multipart-form-data",
"url": "https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#multipart-form-data"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/form-data",
"url": "https://www.npmjs.com/package/form-data"
}
],
"release_date": "2026-06-12T18:01:30.362000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T13:07:12+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36754"
},
{
"category": "workaround",
"details": "Applications using the `form-data` library should implement strict input validation and sanitization for all field names and filenames derived from untrusted sources. This prevents the injection of control characters (CR, LF, \") that could lead to header injection or form field overrides. Deployments that exclusively use fixed or trusted field names are not impacted.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "form-data: form-data: Form field override via CRLF injection"
},
{
"cve": "CVE-2026-12151",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-17T17:01:45.297604+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2489980"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion, resulting in a denial of service (DoS) for affected applications using the undici WebSocket client or WebSocketStream API.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important denial of service flaw in the `undici` WebSocket client allows a remote attacker to cause unbounded memory growth. By sending numerous small or empty WebSocket frames, an unauthenticated attacker can exhaust system memory, leading to a denial of service in Red Hat products that use the affected client.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-12151"
},
{
"category": "external",
"summary": "RHBZ#2489980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-12151",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-12151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12151"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q"
}
],
"release_date": "2026-06-17T16:05:38.785000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T13:07:12+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames"
},
{
"cve": "CVE-2026-24781",
"cwe": {
"id": "CWE-653",
"name": "Improper Isolation or Compartmentalization"
},
"discovery_date": "2026-05-04T19:03:41.437468+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466531"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. This vulnerability allows an attacker to escape the sandbox environment by exploiting the `inspect` function. Successful exploitation can lead to arbitrary code execution on the host system, compromising the integrity and confidentiality of the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vm2: vm2: Arbitrary code execution via sandbox breakout through inspect function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24781"
},
{
"category": "external",
"summary": "RHBZ#2466531",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466531"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24781",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24781"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24781",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24781"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/commit/8d30d93213c1898b3e035298b89a814970dd1189",
"url": "https://github.com/patriksimek/vm2/commit/8d30d93213c1898b3e035298b89a814970dd1189"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/commit/bdd3d15e57bc4ec5e70365cd79f7cb0256e5f88c",
"url": "https://github.com/patriksimek/vm2/commit/bdd3d15e57bc4ec5e70365cd79f7cb0256e5f88c"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/commit/fd266d084e0a3322d0f71ba2a8dc4c96cd030228",
"url": "https://github.com/patriksimek/vm2/commit/fd266d084e0a3322d0f71ba2a8dc4c96cd030228"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/releases/tag/v3.11.0",
"url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.0"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/security/advisories/GHSA-v37h-5mfm-c47c",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-v37h-5mfm-c47c"
}
],
"release_date": "2026-05-04T16:33:32.869000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T13:07:12+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36754"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vm2: vm2: Arbitrary code execution via sandbox breakout through inspect function"
},
{
"cve": "CVE-2026-27136",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-05-22T16:00:56.609820+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480757"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. When arbitrary HTML is parsed and then rendered, it can result in an unexpected HTML tree. This allows an attacker to bypass HTML sanitization mechanisms, leading to Cross-Site Scripting (XSS) attacks in applications. Such attacks can result in information disclosure or arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in `golang.org/x/net/html` is rated as Important. It allows for Cross-Site Scripting (XSS) attacks by enabling an attacker to bypass HTML sanitization mechanisms when arbitrary HTML is parsed and rendered. This can lead to information disclosure or arbitrary code execution in affected applications. Exploitation typically requires user interaction, where a user processes specially crafted malicious HTML content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27136"
},
{
"category": "external",
"summary": "RHBZ#2480757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480757"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27136",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27136"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27136",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27136"
},
{
"category": "external",
"summary": "https://go.dev/cl/781685",
"url": "https://go.dev/cl/781685"
},
{
"category": "external",
"summary": "https://go.dev/issue/79575",
"url": "https://go.dev/issue/79575"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8",
"url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5030",
"url": "https://pkg.go.dev/vuln/GO-2026-5030"
}
],
"release_date": "2026-05-22T15:01:22.111000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T13:07:12+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass"
},
{
"cve": "CVE-2026-39820",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-05-07T20:01:27.800929+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467820"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net/mail` package of the Go programming language. An attacker could provide specially crafted inputs to the `ParseAddress`, `ParseAddressList`, or `ParseDate` functions. This could lead to excessive consumption of CPU and memory resources, resulting in a Denial of Service (DoS) for applications processing these inputs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: golang: Go net/mail: Denial of Service via crafted email inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go `net/mail` package. Applications processing untrusted email inputs via `ParseAddress`, `ParseAddressList`, or `ParseDate` functions are susceptible to excessive resource consumption, which can lead to service unavailability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "RHBZ#2467820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467820"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39820",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820"
},
{
"category": "external",
"summary": "https://go.dev/cl/759940",
"url": "https://go.dev/cl/759940"
},
{
"category": "external",
"summary": "https://go.dev/issue/78566",
"url": "https://go.dev/issue/78566"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4986",
"url": "https://pkg.go.dev/vuln/GO-2026-4986"
}
],
"release_date": "2026-05-07T19:41:19.854000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T13:07:12+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/mail: golang: Go net/mail: Denial of Service via crafted email inputs"
},
{
"cve": "CVE-2026-42338",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-05-12T21:01:14.436876+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2476810"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in the `ip-address` JavaScript library is rated as Important. It allows for cross-site scripting (XSS) when an application processes untrusted input through the `Address6` constructor and subsequently renders the unescaped output of methods like `Address6.group()`, `Address6.link()`, or `AddressError.parseMessage` directly as HTML. While the library itself is affected, exploitation is contingent on specific application-level rendering practices that may not be common in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "RHBZ#2476810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476810"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42338",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338"
},
{
"category": "external",
"summary": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g",
"url": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g"
}
],
"release_date": "2026-05-12T19:43:16.470000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T13:07:12+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input"
},
{
"cve": "CVE-2026-42499",
"cwe": {
"id": "CWE-1046",
"name": "Creation of Immutable Text Using String Concatenation"
},
"discovery_date": "2026-05-07T20:00:51.685602+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467809"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net/mail` package within the Go standard library. A remote attacker could provide specially crafted, pathological email addresses. When these malformed email addresses are parsed by the `consumePhrase` function, it can lead to excessive resource consumption due to quadratic string concatenation, resulting in a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: golang: net/mail: Denial of Service via pathological email address parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the `net/mail` package of the Go standard library. A remote attacker can exploit this flaw by sending specially crafted email addresses, leading to excessive resource consumption and a denial of service in Go applications that parse email addresses using the affected library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "RHBZ#2467809",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467809"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42499",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42499"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499"
},
{
"category": "external",
"summary": "https://go.dev/cl/771520",
"url": "https://go.dev/cl/771520"
},
{
"category": "external",
"summary": "https://go.dev/issue/78987",
"url": "https://go.dev/issue/78987"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4977",
"url": "https://pkg.go.dev/vuln/GO-2026-4977"
}
],
"release_date": "2026-05-07T19:41:18.615000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T13:07:12+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/mail: golang: net/mail: Denial of Service via pathological email address parsing"
},
{
"cve": "CVE-2026-44486",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-06-11T17:01:30.944384+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487947"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client, specifically in its Node.js HTTP adapter. When Axios is configured to use an authenticated proxy and follows a redirect, it may inadvertently send the Proxy-Authorization header, containing proxy credentials, to the redirect target. This can lead to the disclosure of sensitive proxy credentials to an unintended remote server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure of proxy credentials via HTTP redirects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important information disclosure flaw in the Axios Node.js HTTP adapter. Red Hat products utilizing Axios in a Node.js environment with an authenticated proxy and automatic redirects enabled are susceptible. The vulnerability arises when a request, initially sent through an authenticated proxy, is redirected to a target that no longer uses the proxy, potentially leaking `Proxy-Authorization` headers containing sensitive credentials to an untrusted remote server. This risk is heightened in deployments where applications interact with untrusted HTTP origins.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44486"
},
{
"category": "external",
"summary": "RHBZ#2487947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487947"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44486",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44486"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44486",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44486"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-j5f8-grm9-p9fc",
"url": "https://github.com/axios/axios/security/advisories/GHSA-j5f8-grm9-p9fc"
}
],
"release_date": "2026-06-11T15:39:07.714000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T13:07:12+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure of proxy credentials via HTTP redirects"
},
{
"cve": "CVE-2026-44487",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-06-11T17:01:34.091476+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487948"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final redirected origin. This can lead to the disclosure of sensitive proxy credentials to an unintended third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure of proxy credentials via redirect flows",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important information disclosure flaw in Axios affecting Node.js environments. When an application uses Axios with an authenticated HTTP proxy and follows redirects from an HTTP to a non-proxied HTTPS destination, the Proxy-Authorization header may be inadvertently sent to the final origin server. This could lead to the exposure of sensitive proxy credentials to an unintended third party.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44487"
},
{
"category": "external",
"summary": "RHBZ#2487948",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487948"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44487"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v",
"url": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v"
}
],
"release_date": "2026-06-11T15:38:25.150000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T13:07:12+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure of proxy credentials via redirect flows"
},
{
"cve": "CVE-2026-44488",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-11T17:01:36.836488+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487949"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or receive oversized data bodies. This can lead to resource exhaustion in server-side applications, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Denial of Service due to unenforced request and response size limits",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A denial of service flaw was found in Axios, a JavaScript HTTP client library. This issue arises when applications utilize the `fetch` adapter, as configured request and response size limits are not properly enforced. A remote attacker could exploit this by sending or receiving excessively large data bodies, leading to resource exhaustion and potential denial of service in affected server-side applications.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44488"
},
{
"category": "external",
"summary": "RHBZ#2487949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487949"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44488",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44488"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44488",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44488"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf"
}
],
"release_date": "2026-06-11T15:37:38.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T13:07:12+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Denial of Service due to unenforced request and response size limits"
},
{
"cve": "CVE-2026-44492",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-11T17:00:56.761751+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487938"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NO_PROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the IPv4-mapped IPv6 form of the address in a request URL. This allows the request to be routed through the proxy, potentially exposing internal services or sensitive information that should otherwise be inaccessible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in Axios, a JavaScript HTTP client library, that allows for a proxy bypass. When a `NO_PROXY` environment variable is configured to prevent direct connections to specific IPv4 addresses, an attacker can craft a request URL using the IPv4-mapped IPv6 address format. This bypasses the intended `NO_PROXY` exclusion, routing the request through the configured proxy and potentially exposing internal services or sensitive information, such as cloud instance metadata credentials.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44492"
},
{
"category": "external",
"summary": "RHBZ#2487938",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487938"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44492",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44492"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44492",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44492"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv"
}
],
"release_date": "2026-06-11T15:29:13.890000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T13:07:12+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization"
},
{
"cve": "CVE-2026-44494",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-06-11T17:01:12.945664+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487942"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to escalate any existing Object.prototype pollution in an application\u0027s dependency tree into a full Man-in-the-Middle (MITM) attack. This enables the attacker to intercept, read, and modify all HTTP traffic, including sensitive authentication credentials. The flaw occurs because the `config.proxy` setting is susceptible to prototype pollution, allowing an attacker to inject a malicious proxy server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in the Axios library allows an attacker to escalate existing prototype pollution vulnerabilities within an application\u0027s dependency tree into a full Man-in-the-Middle (MITM) attack. By injecting a malicious proxy configuration into the `Object.prototype`, an attacker can intercept, read, and modify all HTTP traffic, including sensitive authentication credentials, without direct user interaction. This poses a significant risk to data confidentiality and integrity in Red Hat products that utilize the Axios library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44494"
},
{
"category": "external",
"summary": "RHBZ#2487942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487942"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44494",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44494"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44494",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44494"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh",
"url": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh"
}
],
"release_date": "2026-06-11T15:32:03.155000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T13:07:12+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution"
},
{
"cve": "CVE-2026-44495",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-06-11T17:00:53.999811+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487937"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability involves prototype pollution gadgets in the request configuration processing. If another vulnerability has already polluted the Object.prototype.transformResponse, affected Axios versions may incorrectly interpret this inherited value as part of the request configuration or as an option validator. Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure due to prototype pollution vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important vulnerability in Axios, a promise-based HTTP client, can lead to information disclosure, including credential theft and response hijacking, or denial of service. Exploitation requires a separate prototype pollution vulnerability in the same JavaScript process, allowing an attacker to control `Object.prototype.transformResponse`. Red Hat products using affected Axios versions are at risk if another component introduces such pollution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44495"
},
{
"category": "external",
"summary": "RHBZ#2487937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487937"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44495",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44495"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44495",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44495"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw"
}
],
"release_date": "2026-06-11T15:33:12.433000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T13:07:12+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure due to prototype pollution vulnerability"
},
{
"cve": "CVE-2026-44496",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-06-11T17:01:15.856386+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Axios can lead to a client-side Denial of Service. An attacker capable of influencing the XSRF cookie name within a browser environment could trigger excessive regular expression processing, causing the affected browser tab to freeze and degrade user availability. This issue specifically impacts browser-based applications and does not affect Node.js HTTP adapter usage, React Native, or web workers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "RHBZ#2487943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44496",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44496"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf"
}
],
"release_date": "2026-06-11T15:34:28.492000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T13:07:12+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name"
},
{
"cve": "CVE-2026-45736",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"discovery_date": "2026-05-15T16:00:55.786944+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477914"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ws, an open source WebSocket client and server for Node.js. The `websocket.close()` implementation is vulnerable to uninitialized memory disclosure when a `TypedArray` is passed as the reason argument. This can lead to the disclosure of sensitive information from uninitialized memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important vulnerability in the `ws` WebSocket library for Node.js could lead to sensitive information disclosure. The flaw occurs when a `TypedArray` is specifically provided as the `reason` argument to the `websocket.close()` function, potentially exposing uninitialized memory. Red Hat products utilizing this library may be affected if their implementations allow for such a crafted `close()` call.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45736"
},
{
"category": "external",
"summary": "RHBZ#2477914",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477914"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45736",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45736"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45736",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45736"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086",
"url": "https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx",
"url": "https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx"
}
],
"release_date": "2026-05-15T14:53:57.263000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T13:07:12+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36754"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`"
},
{
"cve": "CVE-2026-47131",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2026-06-12T15:01:52.744009+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488393"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. A remote attacker can exploit this vulnerability by combining specific Buffer function calls and Node.js\u0027s ERR_INVALID_ARG_TYPE error. This allows the attacker to obtain the host\u0027s TypeError constructor, leading to an escape from the sandbox. Consequently, this enables attackers to run arbitrary code on the host system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vm2: vm2: Arbitrary code execution via sandbox escape vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated the impact of this vulnerability as Moderate in Red Hat Developer Hub and Ansible Automation Platform.The affected package is present in both products as a transitive dependency; however, the vulnerable sandbox functionality is not invoked in any production code path. The active sandboxing mechanism used by both products does not rely on this package, and user-supplied input cannot reach the vulnerable code under a standard deployment. Exploitation would require an attacker to independently route arbitrary JavaScript into the sandbox runtime, a condition not present in the default configuration of either product.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47131"
},
{
"category": "external",
"summary": "RHBZ#2488393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488393"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47131",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47131"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47131",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47131"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/commit/27c525f4615e2b983f122e2bed327d810126f5c8",
"url": "https://github.com/patriksimek/vm2/commit/27c525f4615e2b983f122e2bed327d810126f5c8"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4",
"url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/security/advisories/GHSA-v6mx-mf47-r5wg",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-v6mx-mf47-r5wg"
}
],
"release_date": "2026-06-12T14:14:17.037000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T13:07:12+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vm2: vm2: Arbitrary code execution via sandbox escape vulnerability"
},
{
"cve": "CVE-2026-47135",
"cwe": {
"id": "CWE-1100",
"name": "Insufficient Isolation of System-Dependent Functions"
},
"discovery_date": "2026-06-12T15:02:02.154869+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488396"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. An attacker within the sandbox could exploit incomplete symbol interception and missing security checks to gain control over the host system. This could allow the attacker to execute arbitrary code outside the sandbox environment, leading to a complete compromise of the host.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vm2: vm2: Sandbox escape allows arbitrary code execution on the host system",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has been rated as Moderate for Red Hat Developer Hub and Red Hat Ansible Automation Platform. The vm2 sandbox exists as a transitive dependency in Red Hat Developer Hub and is only utilized during build time. The sandbox is therefore not exposed on the production code path. Exploitation of this vulnerability requires attackers to write cross-realm symbol keys to host objects which is not possible in the default configuration of Red Hat Developer Hub.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47135"
},
{
"category": "external",
"summary": "RHBZ#2488396",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488396"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47135"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47135",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47135"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/commit/928aef51898b5c52a05f05a40c4cfeb52e172878",
"url": "https://github.com/patriksimek/vm2/commit/928aef51898b5c52a05f05a40c4cfeb52e172878"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4",
"url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/security/advisories/GHSA-m5q2-4fm3-vfqp",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-m5q2-4fm3-vfqp"
}
],
"release_date": "2026-06-12T14:14:42.022000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T13:07:12+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vm2: vm2: Sandbox escape allows arbitrary code execution on the host system"
},
{
"cve": "CVE-2026-47137",
"cwe": {
"id": "CWE-480",
"name": "Use of Incorrect Operator"
},
"discovery_date": "2026-06-12T15:01:24.611905+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488385"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. A remote attacker could bypass a security check designed to prevent the combination of nested environments and disabled module loading. This bypass occurs because a strict equality check for the `require` option can be circumvented by simply omitting the option, leading to an unintended configuration. Successful exploitation of this vulnerability could allow an attacker to escape the sandbox and achieve arbitrary code execution on the host system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vm2: vm2: Sandbox escape leading to arbitrary code execution via security bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated the impact of this vulnerability as Moderate in Red Hat Developer Hub and Ansible Automation Platform.The affected package is present in both products as a transitive dependency; however, the vulnerable sandbox functionality is not invoked in any production code path. The active sandboxing mechanism used by both products does not rely on this package, and user-supplied input cannot reach the vulnerable code under a standard deployment. Exploitation would require an attacker to independently route arbitrary JavaScript into the sandbox runtime, a condition not present in the default configuration of either product.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47137"
},
{
"category": "external",
"summary": "RHBZ#2488385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488385"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47137"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-g644-9gfx-q4q4",
"url": "https://github.com/advisories/GHSA-g644-9gfx-q4q4"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/commit/01a7552add345d5a6862623884e6b79a85bf0568",
"url": "https://github.com/patriksimek/vm2/commit/01a7552add345d5a6862623884e6b79a85bf0568"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/commit/86ab819f202c3a8dad88cef5705f2e416c5188d7",
"url": "https://github.com/patriksimek/vm2/commit/86ab819f202c3a8dad88cef5705f2e416c5188d7"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4",
"url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/security/advisories/GHSA-m4wx-m65x-ghrr",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-m4wx-m65x-ghrr"
}
],
"release_date": "2026-06-12T14:15:34.795000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T13:07:12+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "vm2: vm2: Sandbox escape leading to arbitrary code execution via security bypass"
},
{
"cve": "CVE-2026-47139",
"cwe": {
"id": "CWE-1100",
"name": "Insufficient Isolation of System-Dependent Functions"
},
"discovery_date": "2026-06-12T15:01:31.104545+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488387"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vm2, a Node.js sandbox. This vulnerability allows sandboxed code to bypass network restrictions by utilizing internal HTTP built-ins, such as _http_client and _http_server. An attacker can exploit this to make outbound HTTP requests or open listening HTTP sockets, even when public network modules are explicitly denied. This could lead to unauthorized information disclosure or further compromise of the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vm2: vm2: Sandbox escape via internal HTTP built-ins leading to network restriction bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has been rated as Moderate for Red Hat Developer Hub and Red Hat Ansible Automation Platform. The vm2 sandbox exists as a transitive dependency in Red Hat Developer Hub and is only utilized during build time. The sandbox is therefore not exposed on the production code path. Exploitation of this vulnerability requires attackers to access internal HTTP built-ins which is not possible in the default configuration of Red Hat Developer Hub.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47139"
},
{
"category": "external",
"summary": "RHBZ#2488387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488387"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47139",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47139"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47139",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47139"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/commit/436053e30eecbabd487e2fd2959c137ac34e2bb1",
"url": "https://github.com/patriksimek/vm2/commit/436053e30eecbabd487e2fd2959c137ac34e2bb1"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4",
"url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/security/advisories/GHSA-r9pm-gxmw-wv6p",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-r9pm-gxmw-wv6p"
}
],
"release_date": "2026-06-12T14:15:44.652000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T13:07:12+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vm2: vm2: Sandbox escape via internal HTTP built-ins leading to network restriction bypass"
},
{
"cve": "CVE-2026-47140",
"cwe": {
"id": "CWE-184",
"name": "Incomplete List of Disallowed Inputs"
},
"discovery_date": "2026-06-12T15:01:11.705175+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488381"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. This vulnerability allows sandboxed code to bypass intended security restrictions by exploiting missing entries in the denylist for dangerous Node.js built-in functions, specifically `process` and `inspector/promises`. A remote attacker can leverage this to execute arbitrary code in the host process, leading to a complete compromise of the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vm2: vm2: Arbitrary code execution due to incomplete sandbox restrictions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated the impact of this vulnerability as Moderate in Red Hat Developer Hub and Ansible Automation Platform.The affected package is present in both products as a transitive dependency; however, the vulnerable sandbox functionality is not invoked in any production code path. The active sandboxing mechanism used by both products does not rely on this package, and user-supplied input cannot reach the vulnerable code under a standard deployment. Exploitation would require an attacker to independently route arbitrary JavaScript into the sandbox runtime, a condition not present in the default configuration of either product.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47140"
},
{
"category": "external",
"summary": "RHBZ#2488381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488381"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47140",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47140"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47140",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47140"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/commit/a1ed47a98d1cc36cb48c0d566d55889688e0b59b",
"url": "https://github.com/patriksimek/vm2/commit/a1ed47a98d1cc36cb48c0d566d55889688e0b59b"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4",
"url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/security/advisories/GHSA-rp36-8xq3-r6c4",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-rp36-8xq3-r6c4"
}
],
"release_date": "2026-06-12T14:16:10.727000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T13:07:12+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "vm2: vm2: Arbitrary code execution due to incomplete sandbox restrictions"
},
{
"cve": "CVE-2026-47141",
"cwe": {
"id": "CWE-653",
"name": "Improper Isolation or Compartmentalization"
},
"discovery_date": "2026-06-12T15:01:05.444374+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488379"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. Prior to version 3.11.4, NodeVM, a component of vm2, improperly exposed certain process-wide observability builtins, such as diagnostics_channel, async_hooks, and perf_hooks. These builtins, which are designed for monitoring and debugging, were not adequately blocked by the dangerous builtin denylist. This oversight allowed sandboxed code to observe sensitive host application data, leading to information disclosure across the vm2 security boundary.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vm2: vm2: NodeVM observability builtins leak host process and HTTP request data",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has been rated as Moderate for Red Hat Developer Hub and Red Hat Ansible Automation Platform. The vm2 sandbox exists as a transitive dependency in Red Hat Developer Hub and is only utilized during build time. The sandbox is therefore not exposed on the production code path. Exploitation of this vulnerability requires attackers to access process-wide observability builtins which is not possible in the default configuration of Red Hat Developer Hub.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47141"
},
{
"category": "external",
"summary": "RHBZ#2488379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488379"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47141"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47141",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47141"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/commit/e1c48fce05189f48e71efbd32af0754efa4066bb",
"url": "https://github.com/patriksimek/vm2/commit/e1c48fce05189f48e71efbd32af0754efa4066bb"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4",
"url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/security/advisories/GHSA-9g8x-92q2-p28f",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-9g8x-92q2-p28f"
}
],
"release_date": "2026-06-12T14:17:35.970000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T13:07:12+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vm2: vm2: NodeVM observability builtins leak host process and HTTP request data"
},
{
"cve": "CVE-2026-47208",
"discovery_date": "2026-06-12T15:01:14.630546+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488382"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. This vulnerability allows an attacker to escape the sandbox environment by writing malicious code. Successful exploitation can lead to arbitrary code execution on the host system, compromising the integrity and confidentiality of the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vm2: vm2: Sandbox Breakout Using Promise Species",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation requires an attacker to supply untrusted malicious code to the vm2 sandbox, which is easily achieved since the component\u0027s main purpose is to execute untrusted code.\n\nEscaping the sandbox completely bypasses the intended security boundaries, leading directly to arbitrary code execution on the host system and a full compromise of confidentiality and integrity",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47208"
},
{
"category": "external",
"summary": "RHBZ#2488382",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488382"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47208",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47208"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47208",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47208"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/commit/a462655009669c3124ee39498121651597529ea8",
"url": "https://github.com/patriksimek/vm2/commit/a462655009669c3124ee39498121651597529ea8"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4",
"url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/security/advisories/GHSA-76w7-j9cq-rx2j",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-76w7-j9cq-rx2j"
}
],
"release_date": "2026-06-12T14:16:22.726000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T13:07:12+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vm2: vm2: Sandbox Breakout Using Promise Species"
},
{
"cve": "CVE-2026-47210",
"cwe": {
"id": "CWE-653",
"name": "Improper Isolation or Compartmentalization"
},
"discovery_date": "2026-06-12T15:01:38.846673+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488389"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. This sandbox escape vulnerability allows an attacker to execute arbitrary code in the host process. This occurs when untrusted code is executed with asynchronous (async) support on runtimes that expose WebAssembly JavaScript Promise Integration (JSPI). Specifically, a JSPI-backed Promise can bypass expected Promise-species hardening, exposing a host-originated rejection object to attacker-controlled logic and breaking the sandbox boundary.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vm2: vm2: Arbitrary code execution via sandbox escape when executing untrusted code with async support.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated the impact of this vulnerability as Moderate in Red Hat Developer Hub and Ansible Automation Platform.The affected package is present in both products as a transitive dependency; however, the vulnerable sandbox functionality is not invoked in any production code path. The active sandboxing mechanism used by both products does not rely on this package, and user-supplied input cannot reach the vulnerable code under a standard deployment. Exploitation would require an attacker to independently route arbitrary JavaScript into the sandbox runtime, a condition not present in the default configuration of either product.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47210"
},
{
"category": "external",
"summary": "RHBZ#2488389",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488389"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47210",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47210"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47210",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47210"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/commit/6915fa4d9bcebd47b9a4f39a1adc1aa94ef6ffc6",
"url": "https://github.com/patriksimek/vm2/commit/6915fa4d9bcebd47b9a4f39a1adc1aa94ef6ffc6"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4",
"url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/security/advisories/GHSA-6j2x-vhqr-qr7q",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-6j2x-vhqr-qr7q"
}
],
"release_date": "2026-06-12T14:17:22.653000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T13:07:12+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vm2: vm2: Arbitrary code execution via sandbox escape when executing untrusted code with async support."
},
{
"cve": "CVE-2026-48779",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-06-16T22:01:24.571224+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2489661"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ws, an open source WebSocket client and server. A remote attacker can exploit this memory exhaustion vulnerability by sending a high volume of exceptionally small fragments and data chunks. This action forces the affected component to allocate and hold structural wrappers that consume excessive memory. Consequently, this leads to process termination and a denial of service (DoS) for the remote peer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the `ws` WebSocket library. A remote attacker can exploit this flaw by sending a high volume of small, fragmented data, leading to excessive memory consumption and subsequent process termination. This can result in service disruption for Red Hat products that utilize `ws` for WebSocket communication.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48779"
},
{
"category": "external",
"summary": "RHBZ#2489661",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489661"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48779",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48779"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48779",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48779"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/86d3e8a5fb0246ed373860c5fbb0de88824a27f7",
"url": "https://github.com/websockets/ws/commit/86d3e8a5fb0246ed373860c5fbb0de88824a27f7"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/b5372ac67bb97a773727b8e9f5035a8123556d53",
"url": "https://github.com/websockets/ws/commit/b5372ac67bb97a773727b8e9f5035a8123556d53"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94",
"url": "https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/fd36cd864fcdf62a08273a99e19a7d975401fee8",
"url": "https://github.com/websockets/ws/commit/fd36cd864fcdf62a08273a99e19a7d975401fee8"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p",
"url": "https://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p"
}
],
"release_date": "2026-06-16T21:26:22.537000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T13:07:12+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:61883f5228095e3a3fd5b7daf60e29a5ffd053844f8661a2b5282a77c086dc02_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-must-gather-rhel9@sha256:aacbef97f59305a91db44c3c92c34509027b3d2a4ece07716e6fe8b217dd5ee1_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:d4208a03e389fe82e7da2d27c491251e6d43a0b473aa80d3e6a351c77582a92a_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rag-content-rhel9@sha256:bea9305c453e377dfe6abf20076aec408efe2cbcf05f5a1c04c9b2d2f288bd65_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:0856143fa78dbbd74c1c068c75c265451698913608009f40600bb7c46928739b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments"
}
]
}
RHSA-2026:36820
Vulnerability from csaf_redhat - Published: 2026-07-08 17:12 - Updated: 2026-07-09 13:21A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from unintended origins may be trusted, and secure HTTPS connections could be silently downgraded to unencrypted HTTP, resulting in information disclosure and data integrity issues.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64 | — |
Workaround
|
A flaw was found in undici. When undici's ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier (URI), it silently ignores Transport Layer Security (TLS) options, such as custom Certificate Authorities (CAs). This allows a remote attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and tampering with HTTPS communications. The connection falls back to Node.js's default trust store, bypassing intended security configurations and potentially leading to information disclosure or arbitrary code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64 | — |
Workaround
|
A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion, resulting in a denial of service (DoS) for affected applications using the undici WebSocket client or WebSocketStream API.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64 | — |
Workaround
|
A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDoc hover popup, an attacker can execute arbitrary VS Code commands, which can lead to full system compromise in trusted workspaces.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64 | — |
Workaround
|
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64 | — |
Workaround
|
A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during public key authentication. Successful exploitation could lead to a denial of service (DoS) due to prolonged CPU consumption during signature verification.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64 | — |
Workaround
|
A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user's browser.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64 | — |
Workaround
|
A flaw was found in Netty. The HttpProxyHandler component, which handles HTTP CONNECT requests, does not properly validate user-provided outbound headers. This allows an attacker to inject arbitrary HTTP headers into the CONNECT request sent to the proxy server. This could lead to unexpected behavior or potential bypass of security controls on the proxy server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64 | — |
A flaw was found in Netty. Netty's DNS (Domain Name System) codec does not properly enforce domain name constraints as defined in RFC 1035 during both encoding and decoding processes. This vulnerability allows a remote attacker to exploit the decoder using malicious DNS responses or exploit the encoder through user-influenced hostnames, leading to a high integrity impact on the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64 | — |
Workaround
|
A flaw was found in Netty's HttpObjectDecoder. A remote attacker can exploit this by sending a specially crafted HTTP/1.0 request that includes both `Transfer-Encoding: chunked` and `Content-Length` headers. While Netty correctly strips the conflicting `Content-Length` header for HTTP/1.1 messages, this guard is absent for HTTP/1.0. This can lead to HTTP request smuggling, where downstream proxies or handlers may misinterpret message boundaries, potentially allowing an attacker to bypass security controls or access unauthorized information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64 | — |
Workaround
|
A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker can exploit this vulnerability by sending a specially crafted LZ4 compressed data stream. This can cause the Lz4FrameDecoder to allocate a large amount of memory (up to 32 MB per block) before the LZ4 decompression runs, leading to excessive memory consumption and a denial of service (DoS) for the affected application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64 | — |
Workaround
|
A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker could exploit this vulnerability by sending a specific sequence of HTTP responses (103, followed by a 200 with a GET body, then another 200 for a HEAD request) when the client pipelines GET then HEAD requests. This can cause the HttpClientCodec to incorrectly pair responses, leading to subsequent HTTP responses being parsed from the wrong offset. This issue may result in information disclosure or other data integrity problems due to misinterpretation of network traffic.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64 | — |
A flaw was found in Netty. A remote attacker can bypass the configured decompression limit in the HttpContentDecompressor by sending a specially crafted compressed payload using Brotli (br), Zstandard (zstd), or Snappy content encodings. This can lead to unbounded memory allocation, resulting in an out-of-memory Denial of Service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64 | — |
Workaround
|
A flaw was found in netty-handler, a component of the Netty network application framework. A remote attacker can exploit an incorrect masking operation in the IpSubnetFilterRule.compareTo() function to bypass configured IPv6 subnet rules. This allows valid public IP addresses to circumvent intended network restrictions, potentially leading to unauthorized access or exposure of services.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64 | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client, specifically in its Node.js HTTP adapter. When Axios is configured to use an authenticated proxy and follows a redirect, it may inadvertently send the Proxy-Authorization header, containing proxy credentials, to the redirect target. This can lead to the disclosure of sensitive proxy credentials to an unintended remote server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64 | — |
Workaround
|
A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final redirected origin. This can lead to the disclosure of sensitive proxy credentials to an unintended third party.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64 | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or receive oversized data bodies. This can lead to resource exhaustion in server-side applications, resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64 | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NO_PROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the IPv4-mapped IPv6 form of the address in a request URL. This allows the request to be routed through the proxy, potentially exposing internal services or sensitive information that should otherwise be inaccessible.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64 | — |
Workaround
|
A flaw was found in Axios. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to escalate any existing Object.prototype pollution in an application's dependency tree into a full Man-in-the-Middle (MITM) attack. This enables the attacker to intercept, read, and modify all HTTP traffic, including sensitive authentication credentials. The flaw occurs because the `config.proxy` setting is susceptible to prototype pollution, allowing an attacker to inject a malicious proxy server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64 | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. This vulnerability involves prototype pollution gadgets in the request configuration processing. If another vulnerability has already polluted the Object.prototype.transformResponse, affected Axios versions may incorrectly interpret this inherited value as part of the request configuration or as an option validator. Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64 | — |
Workaround
|
A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64 | — |
Workaround
|
A flaw was found in Traefik. A low-privileged tenant with HTTPRoute creation permissions in Traefik's Kubernetes Gateway API provider can bypass security settings. This allows the tenant to expose the REST provider handler and gain live dynamic configuration write access to Traefik. This vulnerability enables unauthorized reconfiguration of routers and services, potentially leading to privilege escalation within the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64 | — |
Workaround
|
A flaw was found in netty-codec-haproxy, a component of the Netty network application framework. A remote attacker can exploit this vulnerability by sending a specially crafted HAProxy message with a malformed PP2_TYPE_SSL TLV (Type-Length-Value) header. This can lead to an IndexOutOfBoundsException and prevent the release of retained memory, ultimately causing a Denial of Service (DoS) condition for the affected application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64 | — |
Workaround
|
A flaw was found in OpenTelemetry Java, specifically within the baggage propagation implementation of opentelemetry-api and opentelemetry-extension-trace-propagators. A remote attacker can exploit this vulnerability by sending oversized baggage, which leads to unbounded memory allocation and high CPU consumption. This can result in a Denial of Service (DoS) for the affected service. Furthermore, because baggage is automatically re-injected into outgoing requests, the impact can spread to other downstream services.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64 | — |
A flaw was found in ws, an open source WebSocket client and server for Node.js. The `websocket.close()` implementation is vulnerable to uninitialized memory disclosure when a `TypedArray` is passed as the reason argument. This can lead to the disclosure of sensitive information from uninitialized memory.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64 | — |
A flaw was found in golang.org/x/crypto/ssh. Source-address validation can be skipped when an SSH server configuration uses an authentication callback type other than public key, allowing authorization bypass in misconfigured servers. This is a follow-on to incomplete coverage from the CVE-2024-45337 fix.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64 | — |
Workaround
|
A flaw was found in netty-codec-http2. A remote attacker could send specially crafted frames that cause a resource leak within the `DelegatingDecompressorFrameListener` class. This resource leak could lead to an Out Of Memory Error (OOME), potentially causing a Denial of Service (DoS) by taking down the entire Java Virtual Machine (JVM).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64 | — |
Workaround
|
A flaw was found in the Netty HAProxy PROXY protocol v2 codec. A remote attacker can exploit this vulnerability by sending a specially crafted HAProxy PROXY protocol v2 header with nested `PP2_TYPE_SSL` type-length-value (TLV) records. This can lead to a memory leak, causing the underlying cumulation buffer to remain permanently pinned and potentially resulting in a Denial of Service (DoS) due to resource exhaustion.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64 | — |
Workaround
|
A flaw was found in ws, an open source WebSocket client and server. A remote attacker can exploit this memory exhaustion vulnerability by sending a high volume of exceptionally small fragments and data chunks. This action forces the affected component to allocate and hold structural wrappers that consume excessive memory. Consequently, this leads to process termination and a denial of service (DoS) for the remote peer.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64 | — |
Workaround
|
A flaw was found in Quarkus. A remote attacker could bypass HTTP path-based authorization policies by using specially crafted encoded semicolons, slashes, or backslashes in HTTP requests. This could allow unauthorized access to protected static resources, leading to information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Dev Spaces 3.29.0 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.\nThe 3.29 release is based on Eclipse Che 7.119 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.\nUsers still using the v1 standard should migrate as soon as possible.\nhttps://devfile.io/docs/2.2.0/migrating-to-devfile-v2\nDev Spaces supports OpenShift EUS releases v4.16 and higher. Users are expected to update to supported OpenShift releases in order to continue to get Dev Spaces updates.\nhttps://access.redhat.com/support/policy/updates/openshift#crw",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:36820",
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.29/html/administration_guide/installing-devspaces",
"url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.29/html/administration_guide/installing-devspaces"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-12151",
"url": "https://access.redhat.com/security/cve/CVE-2026-12151"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-12856",
"url": "https://access.redhat.com/security/cve/CVE-2026-12856"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39821",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39829",
"url": "https://access.redhat.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42338",
"url": "https://access.redhat.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42578",
"url": "https://access.redhat.com/security/cve/CVE-2026-42578"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42579",
"url": "https://access.redhat.com/security/cve/CVE-2026-42579"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42581",
"url": "https://access.redhat.com/security/cve/CVE-2026-42581"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42583",
"url": "https://access.redhat.com/security/cve/CVE-2026-42583"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42584",
"url": "https://access.redhat.com/security/cve/CVE-2026-42584"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42587",
"url": "https://access.redhat.com/security/cve/CVE-2026-42587"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44249",
"url": "https://access.redhat.com/security/cve/CVE-2026-44249"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44486",
"url": "https://access.redhat.com/security/cve/CVE-2026-44486"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44487",
"url": "https://access.redhat.com/security/cve/CVE-2026-44487"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44488",
"url": "https://access.redhat.com/security/cve/CVE-2026-44488"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44492",
"url": "https://access.redhat.com/security/cve/CVE-2026-44492"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44494",
"url": "https://access.redhat.com/security/cve/CVE-2026-44494"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44495",
"url": "https://access.redhat.com/security/cve/CVE-2026-44495"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44496",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44774",
"url": "https://access.redhat.com/security/cve/CVE-2026-44774"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44893",
"url": "https://access.redhat.com/security/cve/CVE-2026-44893"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45292",
"url": "https://access.redhat.com/security/cve/CVE-2026-45292"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45736",
"url": "https://access.redhat.com/security/cve/CVE-2026-45736"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-46595",
"url": "https://access.redhat.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48043",
"url": "https://access.redhat.com/security/cve/CVE-2026-48043"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48059",
"url": "https://access.redhat.com/security/cve/CVE-2026-48059"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48779",
"url": "https://access.redhat.com/security/cve/CVE-2026-48779"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-50559",
"url": "https://access.redhat.com/security/cve/CVE-2026-50559"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-6734",
"url": "https://access.redhat.com/security/cve/CVE-2026-6734"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9697",
"url": "https://access.redhat.com/security/cve/CVE-2026-9697"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_36820.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.29.0 Release.",
"tracking": {
"current_release_date": "2026-07-09T13:21:41+00:00",
"generator": {
"date": "2026-07-09T13:21:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:36820",
"initial_release_date": "2026-07-08T17:12:17+00:00",
"revision_history": [
{
"date": "2026-07-08T17:12:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-08T17:12:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-09T13:21:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Dev Spaces 3.29",
"product": {
"name": "Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_devspaces:3.29::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Dev Spaces"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3A7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/code-rhel9\u0026tag=1782498475"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3A8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/code-sshd-rhel9\u0026tag=1782497670"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3Ab5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel9\u0026tag=1782403514"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3A137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel9\u0026tag=1782498792"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel9\u0026tag=1782403262"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/jetbrains-ide-rhel9\u0026tag=1783093088"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"product": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"product_id": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-redirector-rhel9@sha256%3A5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/multicluster-redirector-rhel9\u0026tag=1782989027"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"product": {
"name": "registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"product_id": "registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oauth2-proxy-rhel9@sha256%3A9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/oauth2-proxy-rhel9\u0026tag=1782487406"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3Ac05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/openvsx-rhel9\u0026tag=1783007534"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3A091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel9-operator\u0026tag=1782403611"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"product_id": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256%3A6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=1783094587"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3Afdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9\u0026tag=1782989367"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3Afcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/server-rhel9\u0026tag=1783033397"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3A11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel9\u0026tag=1782403274"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3A6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-rhel9\u0026tag=1782991491"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3Ad0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel10\u0026tag=1782987430"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3A06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel9\u0026tag=1782987705"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3A844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/code-rhel9\u0026tag=1782498475"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3Ae8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/code-sshd-rhel9\u0026tag=1782497670"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3A45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel9\u0026tag=1782403514"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3A71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel9\u0026tag=1782498792"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel9\u0026tag=1782403262"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3Aaa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/jetbrains-ide-rhel9\u0026tag=1783093088"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"product": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"product_id": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-redirector-rhel9@sha256%3A141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/multicluster-redirector-rhel9\u0026tag=1782989027"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"product": {
"name": "registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"product_id": "registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oauth2-proxy-rhel9@sha256%3A823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/oauth2-proxy-rhel9\u0026tag=1782487406"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3A8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/openvsx-rhel9\u0026tag=1783007534"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3A5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel9-operator\u0026tag=1782403611"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3A2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9\u0026tag=1782989367"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3Aa107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/server-rhel9\u0026tag=1783033397"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3A4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel9\u0026tag=1782403274"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3A07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-rhel9\u0026tag=1782991491"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3Ae99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel10\u0026tag=1782987430"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3Ad086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel9\u0026tag=1782987705"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3Ae1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/code-rhel9\u0026tag=1782498475"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3A926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/code-sshd-rhel9\u0026tag=1782497670"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3A768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel9\u0026tag=1782403514"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3A881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel9\u0026tag=1782498792"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel9\u0026tag=1782403262"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3Abf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/jetbrains-ide-rhel9\u0026tag=1783093088"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"product_id": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-redirector-rhel9@sha256%3Ad55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/multicluster-redirector-rhel9\u0026tag=1782989027"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"product_id": "registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oauth2-proxy-rhel9@sha256%3A0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/oauth2-proxy-rhel9\u0026tag=1782487406"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3A981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/openvsx-rhel9\u0026tag=1783007534"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3A89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel9-operator\u0026tag=1782403611"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3A81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9\u0026tag=1782989367"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3Ae21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/server-rhel9\u0026tag=1783033397"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3A6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel9\u0026tag=1782403274"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3A75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-rhel9\u0026tag=1782991491"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3A72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel10\u0026tag=1782987430"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3Aacd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel9\u0026tag=1782987705"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3A1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/code-rhel9\u0026tag=1782498475"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3Af2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/code-sshd-rhel9\u0026tag=1782497670"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3A6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel9\u0026tag=1782403514"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3A1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel9\u0026tag=1782498792"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3Ab0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel9\u0026tag=1782403262"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/jetbrains-ide-rhel9\u0026tag=1783093088"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"product": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"product_id": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-redirector-rhel9@sha256%3A6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/multicluster-redirector-rhel9\u0026tag=1782989027"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"product": {
"name": "registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"product_id": "registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oauth2-proxy-rhel9@sha256%3A93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/oauth2-proxy-rhel9\u0026tag=1782487406"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3Aaf3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/openvsx-rhel9\u0026tag=1783007534"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3A0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel9-operator\u0026tag=1782403611"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3A2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9\u0026tag=1782989367"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/server-rhel9\u0026tag=1783033397"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3Ac18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel9\u0026tag=1782403274"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3Af0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/udi-rhel9\u0026tag=1782991491"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3A33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel10\u0026tag=1782987430"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3A25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel9\u0026tag=1782987705"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64 as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64 as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64 as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64 as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64 as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64 as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64 as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64 as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64 as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64 as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64 as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64 as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64 as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64 as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64 as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x"
},
"product_reference": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64 as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64"
},
"product_reference": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64 as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64"
},
"product_reference": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x"
},
"product_reference": "registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64 as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64"
},
"product_reference": "registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64 as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64"
},
"product_reference": "registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64 as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64 as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64 as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64 as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64 as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64 as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64 as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64 as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64 as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64 as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64 as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64 as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64 as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64 as a component of Red Hat OpenShift Dev Spaces 3.29",
"product_id": "Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.29"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-6734",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2026-06-17T19:04:00.272340+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490024"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from unintended origins may be trusted, and secure HTTPS connections could be silently downgraded to unencrypted HTTP, resulting in information disclosure and data integrity issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as an Important security flaw. The `undici` library, when configured with `Socks5ProxyAgent` to handle requests for multiple origins, incorrectly reuses connection pools. This can lead to sensitive data and credentials being misrouted to unintended destinations, potentially downgrading HTTPS connections to HTTP and compromising data integrity and confidentiality. Red Hat products utilizing `undici` with `Socks5ProxyAgent` in multi-origin scenarios are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6734"
},
{
"category": "external",
"summary": "RHBZ#2490024",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490024"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6734",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6734"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-hm92-r4w5-c3mj",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-hm92-r4w5-c3mj"
}
],
"release_date": "2026-06-17T16:36:55.439000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T17:12:17+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
},
{
"category": "workaround",
"details": "The single most impactful mitigation is applying network egress controls to restrict which external destinations affected applications can reach. Because the vulnerability causes requests to be misrouted to wrong origins, limiting the set of reachable origins directly reduces the attack surface. These controls collectively limit the blast radius of the connection pool misrouting \u2014 the attacker must compromise one of the explicitly allowed destinations rather than any arbitrary origin \u2014 but they do not fix the underlying logic bug.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing"
},
{
"cve": "CVE-2026-9697",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-06-17T19:03:30.813843+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490018"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. When undici\u0027s ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier (URI), it silently ignores Transport Layer Security (TLS) options, such as custom Certificate Authorities (CAs). This allows a remote attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and tampering with HTTPS communications. The connection falls back to Node.js\u0027s default trust store, bypassing intended security configurations and potentially leading to information disclosure or arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important vulnerability. Applications using `undici`\u0027s `ProxyAgent` with a SOCKS5 proxy URI will silently ignore user-configured TLS options, including custom Certificate Authorities. This bypasses intended security controls for HTTPS communication, enabling a remote attacker to perform Man-in-the-Middle attacks, potentially leading to information disclosure or arbitrary code execution in affected Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9697"
},
{
"category": "external",
"summary": "RHBZ#2490018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490018"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9697",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9697"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9697",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9697"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g"
}
],
"release_date": "2026-06-17T16:46:42.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T17:12:17+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy"
},
{
"cve": "CVE-2026-12151",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-17T17:01:45.297604+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2489980"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion, resulting in a denial of service (DoS) for affected applications using the undici WebSocket client or WebSocketStream API.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important denial of service flaw in the `undici` WebSocket client allows a remote attacker to cause unbounded memory growth. By sending numerous small or empty WebSocket frames, an unauthenticated attacker can exhaust system memory, leading to a denial of service in Red Hat products that use the affected client.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-12151"
},
{
"category": "external",
"summary": "RHBZ#2489980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-12151",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-12151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12151"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q"
}
],
"release_date": "2026-06-17T16:05:38.785000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T17:12:17+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames"
},
{
"acknowledgments": [
{
"names": [
"byte256"
]
}
],
"cve": "CVE-2026-12856",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2026-06-20T17:33:27+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2491278"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDoc hover popup, an attacker can execute arbitrary VS Code commands, which can lead to full system compromise in trusted workspaces.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vscode-java: vscode: Command Injection vulnerability in the JavaDoc hover provider of the vscode-java extension",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed the severity of this vulnerability as Important, given that it requires a user to open a malicious Java source file and interact with a hover popup. Successful exploitation allows an attacker to execute arbitrary commands within the context of the VS Code editor and potentially the underlying operating system. The vulnerability\u0027s root cause is the over-trusting of Markdown content returned by the Java language server, which fails to isolate extension-generated trusted links from attacker-controlled JavaDoc content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-12856"
},
{
"category": "external",
"summary": "RHBZ#2491278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491278"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-12856",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-12856"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12856",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12856"
},
{
"category": "external",
"summary": "https://github.com/redhat-developer/vscode-java/security/advisories/GHSA-7qv8-6qrw-3crv",
"url": "https://github.com/redhat-developer/vscode-java/security/advisories/GHSA-7qv8-6qrw-3crv"
}
],
"release_date": "2026-06-29T12:25:07.165000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T17:12:17+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
},
{
"category": "workaround",
"details": "To mitigate this issue, users should avoid opening or interacting with untrusted Java projects or files within Red Hat OpenShift Dev Spaces. Exercise caution and refrain from clicking on unfamiliar links presented in JavaDoc hover popups, particularly when working with code from unverified sources. Disabling the `vscode-java` extension when not actively engaged in Java development can further reduce exposure, though this will impact Java-related functionality.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vscode-java: vscode: Command Injection vulnerability in the JavaDoc hover provider of the vscode-java extension"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T17:12:17+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
},
{
"cve": "CVE-2026-39821",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-05-22T16:00:52.844126+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480756"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/net/idna is vulnerable to privilege escalation through incorrect Punycode label handling in ToASCII and ToUnicode. An attacker who can supply a Punycode hostname that passes an ASCII-only authorization check may have it normalized to a restricted ASCII name the application intended to block. Red Hat exposure is broad across products shipping the Go toolchain or bundling golang.org/x/net, including RHEL and RHEL-AI golang RPMs, hummingbird Go runtimes, OpenShift and ODF container builds, and Ceph/OpenShift components compiled against affected x/net versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "RHBZ#2480756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39821",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://go.dev/cl/767220",
"url": "https://go.dev/cl/767220"
},
{
"category": "external",
"summary": "https://go.dev/issue/78760",
"url": "https://go.dev/issue/78760"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8",
"url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5026",
"url": "https://pkg.go.dev/vuln/GO-2026-5026"
}
],
"release_date": "2026-05-22T15:01:21.462000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T17:12:17+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing"
},
{
"cve": "CVE-2026-39829",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2026-05-22T04:01:30.092249+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480681"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during public key authentication. Successful exploitation could lead to a denial of service (DoS) due to prolonged CPU consumption during signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in golang.org/x/crypto/ssh is rated as Important. An unauthenticated remote attacker could trigger a denial of service by providing a specially crafted public key with excessively large parameters during SSH public key authentication. This could lead to prolonged CPU consumption on the server, impacting service availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "RHBZ#2480681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480681"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39829",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39829"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39829",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39829"
},
{
"category": "external",
"summary": "https://go.dev/cl/781641",
"url": "https://go.dev/cl/781641"
},
{
"category": "external",
"summary": "https://go.dev/cl/781661",
"url": "https://go.dev/cl/781661"
},
{
"category": "external",
"summary": "https://go.dev/issue/79565",
"url": "https://go.dev/issue/79565"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5018",
"url": "https://pkg.go.dev/vuln/GO-2026-5018"
}
],
"release_date": "2026-05-22T02:31:27.324000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T17:12:17+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters"
},
{
"cve": "CVE-2026-42338",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-05-12T21:01:14.436876+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2476810"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in the `ip-address` JavaScript library is rated as Important. It allows for cross-site scripting (XSS) when an application processes untrusted input through the `Address6` constructor and subsequently renders the unescaped output of methods like `Address6.group()`, `Address6.link()`, or `AddressError.parseMessage` directly as HTML. While the library itself is affected, exploitation is contingent on specific application-level rendering practices that may not be common in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "RHBZ#2476810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476810"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42338",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338"
},
{
"category": "external",
"summary": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g",
"url": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g"
}
],
"release_date": "2026-05-12T19:43:16.470000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T17:12:17+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input"
},
{
"cve": "CVE-2026-42578",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-05-13T19:02:00.826936+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477226"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. The HttpProxyHandler component, which handles HTTP CONNECT requests, does not properly validate user-provided outbound headers. This allows an attacker to inject arbitrary HTTP headers into the CONNECT request sent to the proxy server. This could lead to unexpected behavior or potential bypass of security controls on the proxy server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42578"
},
{
"category": "external",
"summary": "RHBZ#2477226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477226"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42578",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42578"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42578",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42578"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-45q3-82m4-75jr",
"url": "https://github.com/netty/netty/security/advisories/GHSA-45q3-82m4-75jr"
}
],
"release_date": "2026-05-13T17:57:43.538000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T17:12:17+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation"
},
{
"cve": "CVE-2026-42579",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-05-13T19:01:25.062732+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477217"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. Netty\u0027s DNS (Domain Name System) codec does not properly enforce domain name constraints as defined in RFC 1035 during both encoding and decoding processes. This vulnerability allows a remote attacker to exploit the decoder using malicious DNS responses or exploit the encoder through user-influenced hostnames, leading to a high integrity impact on the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important integrity flaw in Netty\u0027s DNS codec. The vulnerability arises from insufficient enforcement of RFC 1035 domain name constraints during both encoding and decoding, allowing remote attackers to manipulate DNS responses or user-controlled hostnames. This could lead to a high integrity impact on affected Red Hat products that utilize the vulnerable Netty DNS codec.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42579"
},
{
"category": "external",
"summary": "RHBZ#2477217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477217"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42579",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42579"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42579",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42579"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-cm33-6792-r9fm",
"url": "https://github.com/netty/netty/security/advisories/GHSA-cm33-6792-r9fm"
}
],
"release_date": "2026-05-13T18:01:52.500000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T17:12:17+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement"
},
{
"cve": "CVE-2026-42581",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-05-13T19:02:26.404511+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477232"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty\u0027s HttpObjectDecoder. A remote attacker can exploit this by sending a specially crafted HTTP/1.0 request that includes both `Transfer-Encoding: chunked` and `Content-Length` headers. While Netty correctly strips the conflicting `Content-Length` header for HTTP/1.1 messages, this guard is absent for HTTP/1.0. This can lead to HTTP request smuggling, where downstream proxies or handlers may misinterpret message boundaries, potentially allowing an attacker to bypass security controls or access unauthorized information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw. Netty\u0027s HttpObjectDecoder, used across various Red Hat products, improperly handles conflicting `Transfer-Encoding: chunked` and `Content-Length` headers in HTTP/1.0 requests. This allows a remote attacker to perform HTTP request smuggling, potentially bypassing security controls or gaining unauthorized access to information due to misinterpretation of message boundaries by downstream proxies or handlers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42581"
},
{
"category": "external",
"summary": "RHBZ#2477232",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477232"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42581",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42581"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42581",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42581"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-xxqh-mfjm-7mv9",
"url": "https://github.com/netty/netty/security/advisories/GHSA-xxqh-mfjm-7mv9"
}
],
"release_date": "2026-05-13T17:54:44.492000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T17:12:17+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
},
{
"category": "workaround",
"details": "To mitigate this issue, configure any reverse proxies or load balancers in front of Netty to either reject HTTP/1.0 requests containing both Transfer-Encoding: chunked and Content-Length headers, or to explicitly prioritize the Transfer-Encoding header over Content-Length for HTTP/1.0 traffic. This ensures consistent interpretation of message boundaries and prevents request smuggling attacks.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers"
},
{
"cve": "CVE-2026-42583",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-05-13T19:01:32.498598+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477219"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker can exploit this vulnerability by sending a specially crafted LZ4 compressed data stream. This can cause the Lz4FrameDecoder to allocate a large amount of memory (up to 32 MB per block) before the LZ4 decompression runs, leading to excessive memory consumption and a denial of service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: io.netty/netty-codec-compression: io.netty/netty-codec: Netty: Denial of Service via excessive memory allocation in LZ4FrameDecoder",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in Netty\u0027s LZ4FrameDecoder. The decoder allocates a buffer based on the decompressed length from the LZ4 frame header (up to 32 MB per block) before decompression runs. A remote attacker can send a small crafted LZ4 header (as few as 22 bytes) to force excessive memory allocation, leading to a denial of service. Red Hat products that use Netty with LZ4 compression enabled are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42583"
},
{
"category": "external",
"summary": "RHBZ#2477219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477219"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42583",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42583"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42583",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42583"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-mj4r-2hfc-f8p6",
"url": "https://github.com/netty/netty/security/advisories/GHSA-mj4r-2hfc-f8p6"
}
],
"release_date": "2026-05-13T18:09:19.817000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T17:12:17+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: io.netty/netty-codec-compression: io.netty/netty-codec: Netty: Denial of Service via excessive memory allocation in LZ4FrameDecoder"
},
{
"cve": "CVE-2026-42584",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-05-13T19:01:51.846351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477224"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker could exploit this vulnerability by sending a specific sequence of HTTP responses (103, followed by a 200 with a GET body, then another 200 for a HEAD request) when the client pipelines GET then HEAD requests. This can cause the HttpClientCodec to incorrectly pair responses, leading to subsequent HTTP responses being parsed from the wrong offset. This issue may result in information disclosure or other data integrity problems due to misinterpretation of network traffic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A flaw in Netty\u0027s HttpClientCodec allows a remote attacker to cause data confusion. By sending a specially crafted sequence of HTTP responses, an attacker can cause subsequent HTTP responses to be parsed incorrectly, potentially leading to information disclosure or data integrity issues in applications utilizing Netty for HTTP client operations. This vulnerability affects various Red Hat products that bundle Netty, including Red Hat AMQ, Enterprise Application Platform, Red Hat Build of Quarkus, and Red Hat Build of Keycloak.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42584"
},
{
"category": "external",
"summary": "RHBZ#2477224",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477224"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42584",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42584"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42584",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42584"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-57rv-r2g8-2cj3",
"url": "https://github.com/netty/netty/security/advisories/GHSA-57rv-r2g8-2cj3"
}
],
"release_date": "2026-05-13T18:10:48.437000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T17:12:17+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion"
},
{
"cve": "CVE-2026-42587",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-05-13T19:01:35.415881+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. A remote attacker can bypass the configured decompression limit in the HttpContentDecompressor by sending a specially crafted compressed payload using Brotli (br), Zstandard (zstd), or Snappy content encodings. This can lead to unbounded memory allocation, resulting in an out-of-memory Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in Netty\u0027s HTTP content decompression. A remote attacker can exploit this flaw by sending specially crafted compressed payloads using Brotli, Zstandard, or Snappy encodings, bypassing configured decompression limits. This leads to unbounded memory allocation, potentially causing an out-of-memory condition and rendering affected Red Hat systems unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42587"
},
{
"category": "external",
"summary": "RHBZ#2477220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42587",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42587"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv",
"url": "https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv"
}
],
"release_date": "2026-05-13T18:22:21.699000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T17:12:17+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression"
},
{
"cve": "CVE-2026-44249",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-06-11T22:02:05.327173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488081"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in netty-handler, a component of the Netty network application framework. A remote attacker can exploit an incorrect masking operation in the IpSubnetFilterRule.compareTo() function to bypass configured IPv6 subnet rules. This allows valid public IP addresses to circumvent intended network restrictions, potentially leading to unauthorized access or exposure of services.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in netty-handler is rated as Important because a remote attacker can bypass configured IPv6 subnet filtering rules. This flaw, stemming from an incorrect masking operation, could allow unauthorized access to or exposure of services that are intended to be network-restricted within Red Hat products utilizing the affected Netty component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44249"
},
{
"category": "external",
"summary": "RHBZ#2488081",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488081"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44249",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44249"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44249",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44249"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final",
"url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final",
"url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-3qp7-7mw8-wx86",
"url": "https://github.com/netty/netty/security/advisories/GHSA-3qp7-7mw8-wx86"
}
],
"release_date": "2026-06-11T20:46:14.110000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T17:12:17+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation"
},
{
"cve": "CVE-2026-44486",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-06-11T17:01:30.944384+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487947"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client, specifically in its Node.js HTTP adapter. When Axios is configured to use an authenticated proxy and follows a redirect, it may inadvertently send the Proxy-Authorization header, containing proxy credentials, to the redirect target. This can lead to the disclosure of sensitive proxy credentials to an unintended remote server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure of proxy credentials via HTTP redirects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important information disclosure flaw in the Axios Node.js HTTP adapter. Red Hat products utilizing Axios in a Node.js environment with an authenticated proxy and automatic redirects enabled are susceptible. The vulnerability arises when a request, initially sent through an authenticated proxy, is redirected to a target that no longer uses the proxy, potentially leaking `Proxy-Authorization` headers containing sensitive credentials to an untrusted remote server. This risk is heightened in deployments where applications interact with untrusted HTTP origins.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44486"
},
{
"category": "external",
"summary": "RHBZ#2487947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487947"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44486",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44486"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44486",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44486"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-j5f8-grm9-p9fc",
"url": "https://github.com/axios/axios/security/advisories/GHSA-j5f8-grm9-p9fc"
}
],
"release_date": "2026-06-11T15:39:07.714000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T17:12:17+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure of proxy credentials via HTTP redirects"
},
{
"cve": "CVE-2026-44487",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-06-11T17:01:34.091476+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487948"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final redirected origin. This can lead to the disclosure of sensitive proxy credentials to an unintended third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure of proxy credentials via redirect flows",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important information disclosure flaw in Axios affecting Node.js environments. When an application uses Axios with an authenticated HTTP proxy and follows redirects from an HTTP to a non-proxied HTTPS destination, the Proxy-Authorization header may be inadvertently sent to the final origin server. This could lead to the exposure of sensitive proxy credentials to an unintended third party.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44487"
},
{
"category": "external",
"summary": "RHBZ#2487948",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487948"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44487"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v",
"url": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v"
}
],
"release_date": "2026-06-11T15:38:25.150000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T17:12:17+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure of proxy credentials via redirect flows"
},
{
"cve": "CVE-2026-44488",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-11T17:01:36.836488+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487949"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or receive oversized data bodies. This can lead to resource exhaustion in server-side applications, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Denial of Service due to unenforced request and response size limits",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A denial of service flaw was found in Axios, a JavaScript HTTP client library. This issue arises when applications utilize the `fetch` adapter, as configured request and response size limits are not properly enforced. A remote attacker could exploit this by sending or receiving excessively large data bodies, leading to resource exhaustion and potential denial of service in affected server-side applications.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44488"
},
{
"category": "external",
"summary": "RHBZ#2487949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487949"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44488",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44488"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44488",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44488"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf"
}
],
"release_date": "2026-06-11T15:37:38.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T17:12:17+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Denial of Service due to unenforced request and response size limits"
},
{
"cve": "CVE-2026-44492",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-11T17:00:56.761751+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487938"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NO_PROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the IPv4-mapped IPv6 form of the address in a request URL. This allows the request to be routed through the proxy, potentially exposing internal services or sensitive information that should otherwise be inaccessible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in Axios, a JavaScript HTTP client library, that allows for a proxy bypass. When a `NO_PROXY` environment variable is configured to prevent direct connections to specific IPv4 addresses, an attacker can craft a request URL using the IPv4-mapped IPv6 address format. This bypasses the intended `NO_PROXY` exclusion, routing the request through the configured proxy and potentially exposing internal services or sensitive information, such as cloud instance metadata credentials.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44492"
},
{
"category": "external",
"summary": "RHBZ#2487938",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487938"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44492",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44492"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44492",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44492"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv"
}
],
"release_date": "2026-06-11T15:29:13.890000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T17:12:17+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization"
},
{
"cve": "CVE-2026-44494",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-06-11T17:01:12.945664+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487942"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to escalate any existing Object.prototype pollution in an application\u0027s dependency tree into a full Man-in-the-Middle (MITM) attack. This enables the attacker to intercept, read, and modify all HTTP traffic, including sensitive authentication credentials. The flaw occurs because the `config.proxy` setting is susceptible to prototype pollution, allowing an attacker to inject a malicious proxy server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in the Axios library allows an attacker to escalate existing prototype pollution vulnerabilities within an application\u0027s dependency tree into a full Man-in-the-Middle (MITM) attack. By injecting a malicious proxy configuration into the `Object.prototype`, an attacker can intercept, read, and modify all HTTP traffic, including sensitive authentication credentials, without direct user interaction. This poses a significant risk to data confidentiality and integrity in Red Hat products that utilize the Axios library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44494"
},
{
"category": "external",
"summary": "RHBZ#2487942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487942"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44494",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44494"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44494",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44494"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh",
"url": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh"
}
],
"release_date": "2026-06-11T15:32:03.155000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T17:12:17+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution"
},
{
"cve": "CVE-2026-44495",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-06-11T17:00:53.999811+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487937"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability involves prototype pollution gadgets in the request configuration processing. If another vulnerability has already polluted the Object.prototype.transformResponse, affected Axios versions may incorrectly interpret this inherited value as part of the request configuration or as an option validator. Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure due to prototype pollution vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important vulnerability in Axios, a promise-based HTTP client, can lead to information disclosure, including credential theft and response hijacking, or denial of service. Exploitation requires a separate prototype pollution vulnerability in the same JavaScript process, allowing an attacker to control `Object.prototype.transformResponse`. Red Hat products using affected Axios versions are at risk if another component introduces such pollution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44495"
},
{
"category": "external",
"summary": "RHBZ#2487937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487937"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44495",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44495"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44495",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44495"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw"
}
],
"release_date": "2026-06-11T15:33:12.433000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T17:12:17+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure due to prototype pollution vulnerability"
},
{
"cve": "CVE-2026-44496",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-06-11T17:01:15.856386+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Axios can lead to a client-side Denial of Service. An attacker capable of influencing the XSRF cookie name within a browser environment could trigger excessive regular expression processing, causing the affected browser tab to freeze and degrade user availability. This issue specifically impacts browser-based applications and does not affect Node.js HTTP adapter usage, React Native, or web workers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "RHBZ#2487943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44496",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44496"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf"
}
],
"release_date": "2026-06-11T15:34:28.492000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T17:12:17+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name"
},
{
"cve": "CVE-2026-44774",
"cwe": {
"id": "CWE-15",
"name": "External Control of System or Configuration Setting"
},
"discovery_date": "2026-05-15T17:01:12.579630+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477937"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Traefik. A low-privileged tenant with HTTPRoute creation permissions in Traefik\u0027s Kubernetes Gateway API provider can bypass security settings. This allows the tenant to expose the REST provider handler and gain live dynamic configuration write access to Traefik. This vulnerability enables unauthorized reconfiguration of routers and services, potentially leading to privilege escalation within the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "traefik: Traefik: Privilege escalation via Kubernetes Gateway API provider configuration bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44774"
},
{
"category": "external",
"summary": "RHBZ#2477937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477937"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44774",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44774"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44774",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44774"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v2.11.46",
"url": "https://github.com/traefik/traefik/releases/tag/v2.11.46"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v3.6.17",
"url": "https://github.com/traefik/traefik/releases/tag/v3.6.17"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v3.7.1",
"url": "https://github.com/traefik/traefik/releases/tag/v3.7.1"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/security/advisories/GHSA-96qj-4jj5-wcjc",
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-96qj-4jj5-wcjc"
}
],
"release_date": "2026-05-15T16:30:43.265000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T17:12:17+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
},
{
"category": "workaround",
"details": "Upgrade Traefik to version 2.11.46 or later (2.x line), 3.6.17 or later (3.6.x line), or 3.7.1 or later (3.7.x line) by installing updated Red Hat OpenShift Dev Spaces releases that ship a fixed traefik-rhel9 container image.\n\nUntil updated images are available, limit which principals can create HTTPRoute resources in namespaces where Traefik runs with the Kubernetes Gateway API provider. Disable or tightly restrict the Traefik REST dynamic configuration provider in shared Gateway deployments, and block untrusted use of TraefikService backends that reference @internal handlers.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "traefik: Traefik: Privilege escalation via Kubernetes Gateway API provider configuration bypass"
},
{
"cve": "CVE-2026-44893",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"discovery_date": "2026-06-12T15:01:18.066312+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488383"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in netty-codec-haproxy, a component of the Netty network application framework. A remote attacker can exploit this vulnerability by sending a specially crafted HAProxy message with a malformed PP2_TYPE_SSL TLV (Type-Length-Value) header. This can lead to an IndexOutOfBoundsException and prevent the release of retained memory, ultimately causing a Denial of Service (DoS) condition for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec-haproxy: Netty-codec-haproxy: Denial of Service via malformed HAProxy message",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is rated as Important because a remote, unauthenticated attacker can trigger a denial of service in applications utilizing `netty-codec-haproxy`. By sending a specially crafted HAProxy message with a malformed SSL TLV header, an attacker can cause an `IndexOutOfBoundsException`, leading to unreleased memory and resource exhaustion. This can render the affected application unresponsive.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44893"
},
{
"category": "external",
"summary": "RHBZ#2488383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44893",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44893"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44893",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44893"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final",
"url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final",
"url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-cc37-9q2j-3hfv",
"url": "https://github.com/netty/netty/security/advisories/GHSA-cc37-9q2j-3hfv"
}
],
"release_date": "2026-06-12T14:00:25.801000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T17:12:17+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty-codec-haproxy: Netty-codec-haproxy: Denial of Service via malformed HAProxy message"
},
{
"cve": "CVE-2026-45292",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-05-28T17:02:14.674828+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2482785"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenTelemetry Java, specifically within the baggage propagation implementation of opentelemetry-api and opentelemetry-extension-trace-propagators. A remote attacker can exploit this vulnerability by sending oversized baggage, which leads to unbounded memory allocation and high CPU consumption. This can result in a Denial of Service (DoS) for the affected service. Furthermore, because baggage is automatically re-injected into outgoing requests, the impact can spread to other downstream services.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "opentelemetry-java: opentelemetry-api: opentelemetry-extension-trace-propagators: OpenTelemetry Java: Denial of Service due to unbounded memory allocation when parsing oversized baggage",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in OpenTelemetry Java\u0027s baggage propagation, affecting Red Hat products that use OpenTelemetry for telemetry. A remote attacker can exploit this by sending excessively large baggage, leading to uncontrolled memory and CPU usage. The vulnerability\u0027s impact can extend to downstream services due to automatic re-injection of baggage into outgoing requests.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45292"
},
{
"category": "external",
"summary": "RHBZ#2482785",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482785"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45292",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45292"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45292",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45292"
},
{
"category": "external",
"summary": "https://github.com/open-telemetry/opentelemetry-java/commit/03837d3c1763bc35464aea1078671e2ef2336a5f",
"url": "https://github.com/open-telemetry/opentelemetry-java/commit/03837d3c1763bc35464aea1078671e2ef2336a5f"
},
{
"category": "external",
"summary": "https://github.com/open-telemetry/opentelemetry-java/pull/8380",
"url": "https://github.com/open-telemetry/opentelemetry-java/pull/8380"
},
{
"category": "external",
"summary": "https://github.com/open-telemetry/opentelemetry-java/releases/tag/v1.62.0",
"url": "https://github.com/open-telemetry/opentelemetry-java/releases/tag/v1.62.0"
},
{
"category": "external",
"summary": "https://github.com/open-telemetry/opentelemetry-java/security/advisories/GHSA-rcgg-9c38-7xpx",
"url": "https://github.com/open-telemetry/opentelemetry-java/security/advisories/GHSA-rcgg-9c38-7xpx"
}
],
"release_date": "2026-05-28T16:37:29.490000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T17:12:17+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "opentelemetry-java: opentelemetry-api: opentelemetry-extension-trace-propagators: OpenTelemetry Java: Denial of Service due to unbounded memory allocation when parsing oversized baggage"
},
{
"cve": "CVE-2026-45736",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"discovery_date": "2026-05-15T16:00:55.786944+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477914"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ws, an open source WebSocket client and server for Node.js. The `websocket.close()` implementation is vulnerable to uninitialized memory disclosure when a `TypedArray` is passed as the reason argument. This can lead to the disclosure of sensitive information from uninitialized memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important vulnerability in the `ws` WebSocket library for Node.js could lead to sensitive information disclosure. The flaw occurs when a `TypedArray` is specifically provided as the `reason` argument to the `websocket.close()` function, potentially exposing uninitialized memory. Red Hat products utilizing this library may be affected if their implementations allow for such a crafted `close()` call.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45736"
},
{
"category": "external",
"summary": "RHBZ#2477914",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477914"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45736",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45736"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45736",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45736"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086",
"url": "https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx",
"url": "https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx"
}
],
"release_date": "2026-05-15T14:53:57.263000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T17:12:17+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`"
},
{
"cve": "CVE-2026-46595",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"discovery_date": "2026-05-22T04:01:52.215134+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480689"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. Source-address validation can be skipped when an SSH server configuration uses an authentication callback type other than public key, allowing authorization bypass in misconfigured servers. This is a follow-on to incomplete coverage from the CVE-2024-45337 fix.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/crypto/ssh is vulnerable to authorization bypass when SSH server configurations rely on source-address validation alongside non-public-key authentication callbacks. An attacker with low privileges who can authenticate through such a callback path may bypass intended source-address restrictions and gain unauthorized SSH access. Red Hat impact sits in services built with affected x/crypto/ssh, including RHEL golang streams, hummingbird Go toolchains, RHACM/MCE agents, and OpenShift or Ceph components that embed Go SSH servers with mixed callback types.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "RHBZ#2480689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-46595",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46595"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-46595",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46595"
},
{
"category": "external",
"summary": "https://go.dev/cl/781642",
"url": "https://go.dev/cl/781642"
},
{
"category": "external",
"summary": "https://go.dev/issue/79570",
"url": "https://go.dev/issue/79570"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5023",
"url": "https://pkg.go.dev/vuln/GO-2026-5023"
}
],
"release_date": "2026-05-22T02:31:27.894000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T17:12:17+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/crypto/ssh release via updated golang or package rebuilds. Ensure SSH servers use supported public-key callback configurations with source-address validation as intended.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation"
},
{
"cve": "CVE-2026-48043",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2026-06-12T16:02:56.371830+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488442"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in netty-codec-http2. A remote attacker could send specially crafted frames that cause a resource leak within the `DelegatingDecompressorFrameListener` class. This resource leak could lead to an Out Of Memory Error (OOME), potentially causing a Denial of Service (DoS) by taking down the entire Java Virtual Machine (JVM).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service flaw in netty-codec-http2, affecting Red Hat products that utilize HTTP/2 communication with decompression. A remote attacker can exploit a resource leak in the `DelegatingDecompressorFrameListener` by sending malformed HTTP/2 frames, potentially leading to an Out Of Memory Error and causing the Java Virtual Machine to terminate. This could disrupt service availability in affected deployments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48043"
},
{
"category": "external",
"summary": "RHBZ#2488442",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488442"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48043"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48043",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48043"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final",
"url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final",
"url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-c2gf-v879-257j",
"url": "https://github.com/netty/netty/security/advisories/GHSA-c2gf-v879-257j"
}
],
"release_date": "2026-06-12T14:39:52.498000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T17:12:17+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak"
},
{
"cve": "CVE-2026-48059",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-06-12T16:02:40.032749+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488437"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Netty HAProxy PROXY protocol v2 codec. A remote attacker can exploit this vulnerability by sending a specially crafted HAProxy PROXY protocol v2 header with nested `PP2_TYPE_SSL` type-length-value (TLV) records. This can lead to a memory leak, causing the underlying cumulation buffer to remain permanently pinned and potentially resulting in a Denial of Service (DoS) due to resource exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec-haproxy: Netty HAProxy PROXY protocol v2 codec: Denial of Service via memory leak from crafted PROXY protocol headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in the Netty HAProxy PROXY protocol v2 codec, which can lead to a denial of service. A remote attacker can trigger a memory leak by sending a specially crafted HAProxy PROXY protocol v2 header with deeply nested SSL TLV records, causing resource exhaustion in affected Red Hat products that utilize this codec.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48059"
},
{
"category": "external",
"summary": "RHBZ#2488437",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488437"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48059",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48059"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48059",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48059"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final",
"url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final",
"url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-h2qv-fj59-j46j",
"url": "https://github.com/netty/netty/security/advisories/GHSA-h2qv-fj59-j46j"
}
],
"release_date": "2026-06-12T14:42:44.677000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T17:12:17+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty-codec-haproxy: Netty HAProxy PROXY protocol v2 codec: Denial of Service via memory leak from crafted PROXY protocol headers"
},
{
"cve": "CVE-2026-48779",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-06-16T22:01:24.571224+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2489661"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ws, an open source WebSocket client and server. A remote attacker can exploit this memory exhaustion vulnerability by sending a high volume of exceptionally small fragments and data chunks. This action forces the affected component to allocate and hold structural wrappers that consume excessive memory. Consequently, this leads to process termination and a denial of service (DoS) for the remote peer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the `ws` WebSocket library. A remote attacker can exploit this flaw by sending a high volume of small, fragmented data, leading to excessive memory consumption and subsequent process termination. This can result in service disruption for Red Hat products that utilize `ws` for WebSocket communication.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48779"
},
{
"category": "external",
"summary": "RHBZ#2489661",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489661"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48779",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48779"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48779",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48779"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/86d3e8a5fb0246ed373860c5fbb0de88824a27f7",
"url": "https://github.com/websockets/ws/commit/86d3e8a5fb0246ed373860c5fbb0de88824a27f7"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/b5372ac67bb97a773727b8e9f5035a8123556d53",
"url": "https://github.com/websockets/ws/commit/b5372ac67bb97a773727b8e9f5035a8123556d53"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94",
"url": "https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/fd36cd864fcdf62a08273a99e19a7d975401fee8",
"url": "https://github.com/websockets/ws/commit/fd36cd864fcdf62a08273a99e19a7d975401fee8"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p",
"url": "https://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p"
}
],
"release_date": "2026-06-16T21:26:22.537000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T17:12:17+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments"
},
{
"cve": "CVE-2026-50559",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-06-09T10:55:32.426000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2486959"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Quarkus. A remote attacker could bypass HTTP path-based authorization policies by using specially crafted encoded semicolons, slashes, or backslashes in HTTP requests. This could allow unauthorized access to protected static resources, leading to information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.quarkus/quarkus-vertx-http: Quarkus: Authorization bypass in HTTP path-based policies via encoded characters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in Quarkus where HTTP path-based authorization policies can be bypassed by a remote attacker. Specially crafted HTTP requests containing encoded semicolons, slashes, or backslashes can circumvent security controls, allowing unauthorized access to protected static resources and leading to information disclosure. This is critical in deployments where Quarkus applications serve sensitive static content and rely solely on path-based authorization.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-50559"
},
{
"category": "external",
"summary": "RHBZ#2486959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2486959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-50559",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-50559"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-50559",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50559"
},
{
"category": "external",
"summary": "https://github.com/quarkusio/quarkus/security/advisories/GHSA-qcxp-gm7m-4j5v",
"url": "https://github.com/quarkusio/quarkus/security/advisories/GHSA-qcxp-gm7m-4j5v"
}
],
"release_date": "2026-06-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T17:12:17+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:1384e5ba2b7d23119a49d8713826f4c65668bca310589ac7abd0c0d41c7e4c90_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:7f58528b1da9146aa55917324fdf2b375794742b34e5d10ff57f713af60746cd_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:844c3b1499b00aeadfc561642e53792ad80f535efd53b35793ba08b0f26c6d61_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-rhel9@sha256:e1019c30e1d84e66d775d0d6fc7d051803dcbe44823fb2a1914807be39c79dae_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:8c9a7ebf430b9f4ca200c6c70b049e8456cf88fd8bf0871b42d65e8dc786d451_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:926d965e6fd12ec0d758270fb4c90bbdc1a05e60cc4c895cf9b671a296c9d867_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e8e807451e3c5d8d0a8575e1280d7125a4ece51547a7b4a5cd247837662cedad_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:f2a24aa01cbe0d926d4aefe3b12eba21eb5ec7f87276e572a6814c727228624c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:45cc0d783d1e7874ac73dfbdfe7e03c63b227ab3c4f1e15a0a2f5c97956a76d9_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:6f3eb26734e89375c3e1fb7ac366e12dc0d41bac8f07de9210c7e9845a01eec1_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:768c45fa9f35d98dfe5cfe1ea12f552402bf68ac6e1f828b14310ef59ce57c40_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/configbump-rhel9@sha256:b5f1bf30495f6be97c696cf7f90768629cee96f8d106f745bf95fdefddc99592_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:137ffbb95d463d95da6c350600d968f3cd0e9873bf2e7c6edf952ae3229e9e2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cccdfd7e90877c27c6d8caea4f1e8ad89bb97c83d97ddf570d4f4ee116f1986_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:71657b82894cfd9e350746f48965e148868a675b9a20dcb7f94a6bc7a5b16ea5_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/dashboard-rhel9@sha256:881e405e32821ef10cf992c7a633281c1dc45df721fe909048df1689472000ce_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:6c85b42ede0f4745ed558bcb03d033c49f56cef17a70c12e5308066124cac6e3_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:091529a93e258a612fd4a98222e6a370ee10b4e97efa791b50f79a2670163d01_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:0e8958a22f6771ddfe32b34027c69dbbef65d980c7e465a79d4202d2627994ad_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5a8b0203ff083113e8b30a123ab30c4bad571f57fb59c1e7e01807b92552504e_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:89bf6a32a0935cacadbc6d23566dce6ca741e404d58c11050638c7b8e868028b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:077cc953354ea2edd85569a622f97c15d44163d68234e7a9fdee899d25c19cdb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:66285f866090e1bfbedacd592e9d5ea9f2a30b88aa03bc86bc790d6b98a929a4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8c80054171d5063457df4bd074674b1824783a101dacb6137da227080aff957c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:b0f15904251c6665961eef9c944d00f17499f7219351fe213fe7935f62fbf7ac_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:62476ac2fb0096caa9b181f523cc3573ccffe70be1433f08d1d0255b6d3a0640_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:6f632bc9829880a44e2e94084284b52683b4a01dc3315043b0aa32eb344b16cb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:aa3d1cf7853bfe8307efb01f714585f378d1d3d4ed5de7c8808a72e4aeecd4f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:bf1d4b2b1ef03e65be59699ce3233a75a34e1777abc182984c7a8efa698a936e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:141f17d12c748c7ab9e94cfd9db7e2492d3063e7478249d6430ac0d8fcfb8875_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:5909184fe3d37eb45ba3bf55d7b708d818f2a5abfc2949c4a7081a5cd30cea4f_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:6217f0bb4937fa0e0fc0a5c86456fdc1992e169dfedc3d11d5165cef575d4d53_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:d55a55a36a23e7deb83718bd5dcc19b083b84d441add72ea7f4e28935e4717e3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:0f8e1171f278395f3c72e4d9d3c0492bed15b678963fb2b6182bd65343b85a2e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:823bb59b1c7d01557c29f9f1e4a4ee39814c38d826b06c3c9de4b8d179078419_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:93c7e9b321c7e9aa4a412a993a6b20412e24772832cc0dd23bbb17aa25f15487_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/oauth2-proxy-rhel9@sha256:9e50b45f81fedab27e896f04b80bacaa01d8370ff5679147f95ad79b61972d83_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:8f145d4e336bd77fcc94f0845f9ebf94563ffd96d56794d96a665c11241df152_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:981917806c7faf31156241cc85577cf375ee566f78adaeadc096d0ba8482b835_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af3ed91687500d64e2348cca4877c43f73211b8fbd132e7767c3521763185348_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c05020e5ee5bddc62e38493cd16b6e4ffde7c2248a00d710f32b90a6ee12ceeb_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2af86b409540513f6da1afa83110a5cafe8778d2ec16332faa31c964bd5f43f7_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:2f3bec76a833a72c7dfa93ed55e55e80e2621c154e5a2f156deaf78d7c6b97b4_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:81a2385be30079500f13f97a18607aa685abd61265bf8fa78bc6ce126341be50_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fdc8f64f3b82b200a5e31b01b8612069f1aa897014085c1de755394552a1a70a_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:856b9088dbda4e7374daf232602f4bb90b05ad1be1df46d6e363a002f549f4de_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:a107ae2f7b140f2fb2243f33c378228c2f164cfd2d23f57e63f6c424fd400929_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:e21de356b7d879800a96f6c5aeee6bc59a3ed9c58d36503f7089625ce887bb25_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/server-rhel9@sha256:fcaf6d60d682cf51866948ea3b4846c2993e2801adb69dc745ffa832318f515c_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:11f005939e15d63057bf2f0a988b6baebc275d3e752e9f7696d0f7f5266fd5d6_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:4b4c98be96a932d508fad769eff61bff2a44e13baa60b22b6c543f4a11eb71c2_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:6c87453ffe89e8be752ee40c8a9ccf6894c83be703f13901b1e8b64a4c0e549a_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/traefik-rhel9@sha256:c18a1c50a4fc7081c6564d1c4ed4904212b7939a4f1f46afef0a36dc1d76f38e_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:33367b9fdb3addce3302ad35bc10423505fefe3dd27b8b9013b26d66caac2a6c_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:72cbdb061cbcd295be5e66a0eabb409af16ade7f0aa12b04c2d7327e9e1a24ba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:d0379f9da8cbb5514394a4550ff0d79f90fa691fcced5806296479c7b63353da_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e99d1d877bd7335736cbaeb4db5b9904369a1d07f6df332c38ad79ff1256b67b_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06285611aef2528fc92c5cebb66ff4c74fe44d457f43cf9ec2f4a98c3c68d25e_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:25e0f4153eb5bc6fbc6b389d5adc81bfde103070ef58317c3c25ce4144a628d3_arm64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:acd3c0369c18cbfa63a5972ed1721f93f1fcb456963ff855dea2c295baf1cdb8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-base-rhel9@sha256:d086075db52f4476aa64d7e2680baa01e99da246275fa9cae0ba4a74de63c7f3_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:07d89c1b524d1451051feb865bc716da2197add90fa0c58c4cf4a82975ec846c_s390x",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:6582e647d7dd604e25977ec1579969aa1fcb29ead1a0ea65833531d633bbdd2b_amd64",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:75e3aec03dffbd0f40f88a08ff5e0319f4515d73f0bcfae28b5fa526b494afc4_ppc64le",
"Red Hat OpenShift Dev Spaces 3.29:registry.redhat.io/devspaces/udi-rhel9@sha256:f0079e8ae53d84223aea2d3186e7bc6b525b7c03d307cde50cfb9f1bbc18712b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "io.quarkus/quarkus-vertx-http: Quarkus: Authorization bypass in HTTP path-based policies via encoded characters"
}
]
}
SUSE-SU-2026:22368-1
Vulnerability from csaf_suse - Published: 2026-06-25 12:57 - Updated: 2026-06-25 12:57| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs22",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs22 fixes the following issues\n\nUpdate to 22.23.0:\n\n- CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response\n delivery (bsc#1268479).\n- CVE-2026-9496: pacote: excessive CPU consumption in `addGitSha` when processing a specially crafted `spec.rawSpec`\n value can lead to DoS (bsc#1266318).\n- CVE-2026-9679: undici: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding (bsc#1268477).\n- CVE-2026-11525: undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header\n (bsc#1268481).\n- CVE-2026-12151: undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames (bsc#1268482).\n- CVE-2026-21637: synchronous exceptions thrown during certain callbacks bypass the standard TLS error handling paths\n and can cause a denial of service (bsc#1256576).\n- CVE-2026-21710: uncaught TypeError exception can cause a denial of service (bsc#1260455).\n- CVE-2026-21713: timing side-channel in HMAC verification via memcmp can lead to potential MAC forgery (bsc#1260463).\n- CVE-2026-21714: WINDOW_UPDATE frames on stream 0 can lead to memory leak (bsc#1260480).\n- CVE-2026-21715: permission model bypass in realpathSync.native can allow file existence disclosure (bsc#1260482).\n- CVE-2026-21716: promise-based FileHandle methods can be used to modify file permissions and ownership (bsc#1260462).\n- CVE-2026-21717: crafted request can lead to hash collisions trivially predictable (bsc#1260494).\n- CVE-2026-27135: nghttp2: assertion failure due to missing state validation can lead to DoS (bsc#1259853).\n- CVE-2026-40170: ngtcp2: qlog parameters_set stack buffer overflow (bsc#1262274).\n- CVE-2026-42338: ip-address: Cross-site scripting via improper HTML escaping of untrusted input (bsc#1268097).\n- CVE-2026-48615: Proxy credentials leaked in ERR_PROXY_TUNNEL error message (bsc#1268598).\n- CVE-2026-48617: permission model enforcement bypass via `process.report.writeReport()` path misvalidation\n (bsc#1268554).\n- CVE-2026-48618: Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to\n resolver and verifier hostname normalization mismatch (bsc#1268593).\n- CVE-2026-48619: Unbounded memory growth in node:http2 clients via attacker-controlled ORIGIN frames (bsc#1268618).\n- CVE-2026-48928: Uppercase sni context matching can lead to mtls authorization bypass due to case-sensitive hostname\n matching (bsc#1268605).\n- CVE-2026-48930: Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver\n bindings (bsc#1268606).\n- CVE-2026-48931: HTTP Response Queue Poisoning via TOCTOU Race Condition in http.Agent (bsc#1268611).\n- CVE-2026-48933: Node.js WebCrypto AES Integer Overflow Leads to Remote Process Abort (bsc#1268592).\n- CVE-2026-48934: TLS host identity verification bypass via session reuse with different servername leads to\n unauthorized connections (bsc#1268608).\n- CVE-2026-48935: Permission Model bypass via FileHandle.utimes() in the promises API (bsc#1268609).\n- CVE-2026-48937: servers keep accepting data even after sending a `GOAWAY` frame (bsc#1268555).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-1079",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22368-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22368-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622368-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22368-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-July/047771.html"
},
{
"category": "self",
"summary": "SUSE Bug 1256576",
"url": "https://bugzilla.suse.com/1256576"
},
{
"category": "self",
"summary": "SUSE Bug 1259853",
"url": "https://bugzilla.suse.com/1259853"
},
{
"category": "self",
"summary": "SUSE Bug 1260455",
"url": "https://bugzilla.suse.com/1260455"
},
{
"category": "self",
"summary": "SUSE Bug 1260462",
"url": "https://bugzilla.suse.com/1260462"
},
{
"category": "self",
"summary": "SUSE Bug 1260463",
"url": "https://bugzilla.suse.com/1260463"
},
{
"category": "self",
"summary": "SUSE Bug 1260480",
"url": "https://bugzilla.suse.com/1260480"
},
{
"category": "self",
"summary": "SUSE Bug 1260482",
"url": "https://bugzilla.suse.com/1260482"
},
{
"category": "self",
"summary": "SUSE Bug 1260494",
"url": "https://bugzilla.suse.com/1260494"
},
{
"category": "self",
"summary": "SUSE Bug 1262274",
"url": "https://bugzilla.suse.com/1262274"
},
{
"category": "self",
"summary": "SUSE Bug 1266318",
"url": "https://bugzilla.suse.com/1266318"
},
{
"category": "self",
"summary": "SUSE Bug 1268097",
"url": "https://bugzilla.suse.com/1268097"
},
{
"category": "self",
"summary": "SUSE Bug 1268477",
"url": "https://bugzilla.suse.com/1268477"
},
{
"category": "self",
"summary": "SUSE Bug 1268479",
"url": "https://bugzilla.suse.com/1268479"
},
{
"category": "self",
"summary": "SUSE Bug 1268481",
"url": "https://bugzilla.suse.com/1268481"
},
{
"category": "self",
"summary": "SUSE Bug 1268482",
"url": "https://bugzilla.suse.com/1268482"
},
{
"category": "self",
"summary": "SUSE Bug 1268554",
"url": "https://bugzilla.suse.com/1268554"
},
{
"category": "self",
"summary": "SUSE Bug 1268555",
"url": "https://bugzilla.suse.com/1268555"
},
{
"category": "self",
"summary": "SUSE Bug 1268592",
"url": "https://bugzilla.suse.com/1268592"
},
{
"category": "self",
"summary": "SUSE Bug 1268593",
"url": "https://bugzilla.suse.com/1268593"
},
{
"category": "self",
"summary": "SUSE Bug 1268598",
"url": "https://bugzilla.suse.com/1268598"
},
{
"category": "self",
"summary": "SUSE Bug 1268605",
"url": "https://bugzilla.suse.com/1268605"
},
{
"category": "self",
"summary": "SUSE Bug 1268606",
"url": "https://bugzilla.suse.com/1268606"
},
{
"category": "self",
"summary": "SUSE Bug 1268608",
"url": "https://bugzilla.suse.com/1268608"
},
{
"category": "self",
"summary": "SUSE Bug 1268609",
"url": "https://bugzilla.suse.com/1268609"
},
{
"category": "self",
"summary": "SUSE Bug 1268611",
"url": "https://bugzilla.suse.com/1268611"
},
{
"category": "self",
"summary": "SUSE Bug 1268618",
"url": "https://bugzilla.suse.com/1268618"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-11525 page",
"url": "https://www.suse.com/security/cve/CVE-2026-11525/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-12151 page",
"url": "https://www.suse.com/security/cve/CVE-2026-12151/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21637 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21710 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21713 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21714 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21715 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21716 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21717 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21717/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27135 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-40170 page",
"url": "https://www.suse.com/security/cve/CVE-2026-40170/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42338 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48615 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48615/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48617 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48618 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48619 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48619/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48928 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48928/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48930 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48930/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48931 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48931/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48933 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48933/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48934 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48935 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48935/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48937 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-6733 page",
"url": "https://www.suse.com/security/cve/CVE-2026-6733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-9496 page",
"url": "https://www.suse.com/security/cve/CVE-2026-9496/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-9679 page",
"url": "https://www.suse.com/security/cve/CVE-2026-9679/"
}
],
"title": "Security update for nodejs22",
"tracking": {
"current_release_date": "2026-06-25T12:57:12Z",
"generator": {
"date": "2026-06-25T12:57:12Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22368-1",
"initial_release_date": "2026-06-25T12:57:12Z",
"revision_history": [
{
"date": "2026-06-25T12:57:12Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.23.0-160000.1.1.aarch64",
"product": {
"name": "corepack22-22.23.0-160000.1.1.aarch64",
"product_id": "corepack22-22.23.0-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs22-22.23.0-160000.1.1.aarch64",
"product": {
"name": "nodejs22-22.23.0-160000.1.1.aarch64",
"product_id": "nodejs22-22.23.0-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.23.0-160000.1.1.aarch64",
"product": {
"name": "nodejs22-devel-22.23.0-160000.1.1.aarch64",
"product_id": "nodejs22-devel-22.23.0-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm22-22.23.0-160000.1.1.aarch64",
"product": {
"name": "npm22-22.23.0-160000.1.1.aarch64",
"product_id": "npm22-22.23.0-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs22-docs-22.23.0-160000.1.1.noarch",
"product": {
"name": "nodejs22-docs-22.23.0-160000.1.1.noarch",
"product_id": "nodejs22-docs-22.23.0-160000.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.23.0-160000.1.1.ppc64le",
"product": {
"name": "corepack22-22.23.0-160000.1.1.ppc64le",
"product_id": "corepack22-22.23.0-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs22-22.23.0-160000.1.1.ppc64le",
"product": {
"name": "nodejs22-22.23.0-160000.1.1.ppc64le",
"product_id": "nodejs22-22.23.0-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"product": {
"name": "nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"product_id": "nodejs22-devel-22.23.0-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm22-22.23.0-160000.1.1.ppc64le",
"product": {
"name": "npm22-22.23.0-160000.1.1.ppc64le",
"product_id": "npm22-22.23.0-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.23.0-160000.1.1.s390x",
"product": {
"name": "corepack22-22.23.0-160000.1.1.s390x",
"product_id": "corepack22-22.23.0-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs22-22.23.0-160000.1.1.s390x",
"product": {
"name": "nodejs22-22.23.0-160000.1.1.s390x",
"product_id": "nodejs22-22.23.0-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.23.0-160000.1.1.s390x",
"product": {
"name": "nodejs22-devel-22.23.0-160000.1.1.s390x",
"product_id": "nodejs22-devel-22.23.0-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "npm22-22.23.0-160000.1.1.s390x",
"product": {
"name": "npm22-22.23.0-160000.1.1.s390x",
"product_id": "npm22-22.23.0-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.23.0-160000.1.1.x86_64",
"product": {
"name": "corepack22-22.23.0-160000.1.1.x86_64",
"product_id": "corepack22-22.23.0-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs22-22.23.0-160000.1.1.x86_64",
"product": {
"name": "nodejs22-22.23.0-160000.1.1.x86_64",
"product_id": "nodejs22-22.23.0-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.23.0-160000.1.1.x86_64",
"product": {
"name": "nodejs22-devel-22.23.0-160000.1.1.x86_64",
"product_id": "nodejs22-devel-22.23.0-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm22-22.23.0-160000.1.1.x86_64",
"product": {
"name": "npm22-22.23.0-160000.1.1.x86_64",
"product_id": "npm22-22.23.0-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack22-22.23.0-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64"
},
"product_reference": "corepack22-22.23.0-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack22-22.23.0-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le"
},
"product_reference": "corepack22-22.23.0-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack22-22.23.0-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x"
},
"product_reference": "corepack22-22.23.0-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack22-22.23.0-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64"
},
"product_reference": "corepack22-22.23.0-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64"
},
"product_reference": "nodejs22-22.23.0-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le"
},
"product_reference": "nodejs22-22.23.0-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x"
},
"product_reference": "nodejs22-22.23.0-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64"
},
"product_reference": "nodejs22-22.23.0-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64"
},
"product_reference": "nodejs22-devel-22.23.0-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le"
},
"product_reference": "nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x"
},
"product_reference": "nodejs22-devel-22.23.0-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64"
},
"product_reference": "nodejs22-devel-22.23.0-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-docs-22.23.0-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch"
},
"product_reference": "nodejs22-docs-22.23.0-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64"
},
"product_reference": "npm22-22.23.0-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le"
},
"product_reference": "npm22-22.23.0-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x"
},
"product_reference": "npm22-22.23.0-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64"
},
"product_reference": "npm22-22.23.0-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack22-22.23.0-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64"
},
"product_reference": "corepack22-22.23.0-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack22-22.23.0-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le"
},
"product_reference": "corepack22-22.23.0-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack22-22.23.0-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x"
},
"product_reference": "corepack22-22.23.0-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack22-22.23.0-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64"
},
"product_reference": "corepack22-22.23.0-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64"
},
"product_reference": "nodejs22-22.23.0-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le"
},
"product_reference": "nodejs22-22.23.0-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x"
},
"product_reference": "nodejs22-22.23.0-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64"
},
"product_reference": "nodejs22-22.23.0-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64"
},
"product_reference": "nodejs22-devel-22.23.0-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le"
},
"product_reference": "nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x"
},
"product_reference": "nodejs22-devel-22.23.0-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64"
},
"product_reference": "nodejs22-devel-22.23.0-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-docs-22.23.0-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch"
},
"product_reference": "nodejs22-docs-22.23.0-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64"
},
"product_reference": "npm22-22.23.0-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le"
},
"product_reference": "npm22-22.23.0-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x"
},
"product_reference": "npm22-22.23.0-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
},
"product_reference": "npm22-22.23.0-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-11525",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-11525"
}
],
"notes": [
{
"category": "general",
"text": "Impact:\nWhen undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the case-insensitive exact match specified by RFC 6265. Non-spec values are silently mapped to one of the three standard tokens. For example, SameSite=NoneOfYourBusiness is parsed as None (the most permissive setting), and SameSite=StrictLax is parsed as Lax (a downgrade from Strict).\n\nAffected applications are those that consume Set-Cookie headers from server responses (for example via undici\u0027s fetch or proxy code paths) and then forward or rely on the parsed sameSite attribute. A malicious or non-compliant server can coerce the consumer\u0027s view of a cookie\u0027s SameSite policy to a weaker value, silently degrading the SameSite enforcement the cookie is supposed to provide.\n\nThis was introduced in undici 5.15.0 when the cookies feature was added.\n\nPatches:\nUpgrade to undici v6.26.0, v7.28.0 or v8.5.0.\n\nWorkarounds:\nAfter parsing a Set-Cookie header, validate that the resulting sameSite attribute is one of \u0027Strict\u0027, \u0027Lax\u0027, or \u0027None\u0027 (exact, case-insensitive) before forwarding or relying on it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-11525",
"url": "https://www.suse.com/security/cve/CVE-2026-11525"
},
{
"category": "external",
"summary": "SUSE Bug 1268481 for CVE-2026-11525",
"url": "https://bugzilla.suse.com/1268481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "low"
}
],
"title": "CVE-2026-11525"
},
{
"cve": "CVE-2026-12151",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-12151"
}
],
"notes": [
{
"category": "general",
"text": "Impact:\nThe undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size validation, collectively causing unbounded memory growth in the client process. The result is memory exhaustion and a denial of service.\n\nAffected applications are those using the undici WebSocket client (new WebSocket(...)) or the WebSocketStream API that can be induced to connect to an attacker-controlled or compromised WebSocket endpoint.\n\nAll releases starting at undici 6.17.0 are affected.\n\nPatches: Upgrade to undici \u003e= 6.26.0, \u003e= 7.28.0, or \u003e= 8.5.0. Workarounds:\nNo workaround is available. The fix must be applied through an upgrade.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-12151",
"url": "https://www.suse.com/security/cve/CVE-2026-12151"
},
{
"category": "external",
"summary": "SUSE Bug 1268482 for CVE-2026-12151",
"url": "https://bugzilla.suse.com/1268482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-12151"
},
{
"cve": "CVE-2026-21637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21637"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21637",
"url": "https://www.suse.com/security/cve/CVE-2026-21637"
},
{
"category": "external",
"summary": "SUSE Bug 1256576 for CVE-2026-21637",
"url": "https://bugzilla.suse.com/1256576"
},
{
"category": "external",
"summary": "SUSE Bug 1260482 for CVE-2026-21637",
"url": "https://bugzilla.suse.com/1260482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-21637"
},
{
"cve": "CVE-2026-21710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21710"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.\r\n\r\nWhen this occurs, `dest[\"__proto__\"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.\r\n\r\n* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21710",
"url": "https://www.suse.com/security/cve/CVE-2026-21710"
},
{
"category": "external",
"summary": "SUSE Bug 1260455 for CVE-2026-21710",
"url": "https://bugzilla.suse.com/1260455"
},
{
"category": "external",
"summary": "SUSE Bug 1260482 for CVE-2026-21710",
"url": "https://bugzilla.suse.com/1260482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "important"
}
],
"title": "CVE-2026-21710"
},
{
"cve": "CVE-2026-21713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21713"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values.\r\n\r\nNode.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21713",
"url": "https://www.suse.com/security/cve/CVE-2026-21713"
},
{
"category": "external",
"summary": "SUSE Bug 1260463 for CVE-2026-21713",
"url": "https://bugzilla.suse.com/1260463"
},
{
"category": "external",
"summary": "SUSE Bug 1260482 for CVE-2026-21713",
"url": "https://bugzilla.suse.com/1260482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-21713"
},
{
"cve": "CVE-2026-21714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21714"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 2-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up.\r\n\r\nThis vulnerability affects HTTP2 users on Node.js 20, 22, 24 and 25.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21714",
"url": "https://www.suse.com/security/cve/CVE-2026-21714"
},
{
"category": "external",
"summary": "SUSE Bug 1260480 for CVE-2026-21714",
"url": "https://bugzilla.suse.com/1260480"
},
{
"category": "external",
"summary": "SUSE Bug 1260482 for CVE-2026-21714",
"url": "https://bugzilla.suse.com/1260482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-21714"
},
{
"cve": "CVE-2026-21715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21715"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, while all comparable filesystem functions correctly enforce them.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-read` can still use `fs.realpathSync.native()` to check file existence, resolve symlink targets, and enumerate filesystem paths outside of permitted directories.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-read` is intentionally restricted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21715",
"url": "https://www.suse.com/security/cve/CVE-2026-21715"
},
{
"category": "external",
"summary": "SUSE Bug 1260482 for CVE-2026-21715",
"url": "https://bugzilla.suse.com/1260482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "low"
}
],
"title": "CVE-2026-21715"
},
{
"cve": "CVE-2026-21716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21716"
}
],
"notes": [
{
"category": "general",
"text": "An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permission checks, while their callback-based equivalents (`fs.fchmod()`, `fs.fchown()`) were correctly patched.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-write` can still use promise-based `FileHandle` methods to modify file permissions and ownership on already-open file descriptors, bypassing the intended write restrictions.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-write` is intentionally restricted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21716",
"url": "https://www.suse.com/security/cve/CVE-2026-21716"
},
{
"category": "external",
"summary": "SUSE Bug 1260462 for CVE-2026-21716",
"url": "https://bugzilla.suse.com/1260462"
},
{
"category": "external",
"summary": "SUSE Bug 1260482 for CVE-2026-21716",
"url": "https://bugzilla.suse.com/1260482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-21716"
},
{
"cve": "CVE-2026-21717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21717"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in V8\u0027s string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8\u0027s internal string table, an attacker can significantly degrade performance of the Node.js process.\r\n\r\nThe most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21717",
"url": "https://www.suse.com/security/cve/CVE-2026-21717"
},
{
"category": "external",
"summary": "SUSE Bug 1260494 for CVE-2026-21717",
"url": "https://bugzilla.suse.com/1260494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-21717"
},
{
"cve": "CVE-2026-27135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27135"
}
],
"notes": [
{
"category": "general",
"text": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27135",
"url": "https://www.suse.com/security/cve/CVE-2026-27135"
},
{
"category": "external",
"summary": "SUSE Bug 1259835 for CVE-2026-27135",
"url": "https://bugzilla.suse.com/1259835"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "important"
}
],
"title": "CVE-2026-27135"
},
{
"cve": "CVE-2026-40170",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-40170"
}
],
"notes": [
{
"category": "general",
"text": "ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport parameters during the QUIC handshake to cause writes beyond the buffer boundary, resulting in a stack buffer overflow. This affects deployments that enable the qlog callback and process untrusted peer transport parameters. This issue has been fixed in version 1.22.1. If developers are unable to immediately upgrade, they can disable the qlog on client.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-40170",
"url": "https://www.suse.com/security/cve/CVE-2026-40170"
},
{
"category": "external",
"summary": "SUSE Bug 1262273 for CVE-2026-40170",
"url": "https://bugzilla.suse.com/1262273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "important"
}
],
"title": "CVE-2026-40170"
},
{
"cve": "CVE-2026-42338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42338"
}
],
"notes": [
{
"category": "general",
"text": "ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group() and Address6.link() do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage (emitted by the Address6 constructor for invalid input) can contain unescaped attacker-controlled content in one branch. An application that (1) passes untrusted input to Address6 and (2) renders the output of these methods, or the thrown error\u0027s parseMessage, as HTML (e.g. via innerHTML) is vulnerable to cross-site scripting. This vulnerability is fixed in 10.1.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42338",
"url": "https://www.suse.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "SUSE Bug 1268097 for CVE-2026-42338",
"url": "https://bugzilla.suse.com/1268097"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-42338"
},
{
"cve": "CVE-2026-48615",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48615"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages.\r\n\r\nWhen proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48615",
"url": "https://www.suse.com/security/cve/CVE-2026-48615"
},
{
"category": "external",
"summary": "SUSE Bug 1268598 for CVE-2026-48615",
"url": "https://bugzilla.suse.com/1268598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "important"
}
],
"title": "CVE-2026-48615"
},
{
"cve": "CVE-2026-48617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48617"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js Permission Model enforcement allows Bypass via `process.report.writeReport()` Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48617",
"url": "https://www.suse.com/security/cve/CVE-2026-48617"
},
{
"category": "external",
"summary": "SUSE Bug 1268554 for CVE-2026-48617",
"url": "https://bugzilla.suse.com/1268554"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-48617"
},
{
"cve": "CVE-2026-48618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48618"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat.\r\n\r\nThis can lead to confidentiality impact or bypass of the intended security boundary under affected configurations.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48618",
"url": "https://www.suse.com/security/cve/CVE-2026-48618"
},
{
"category": "external",
"summary": "SUSE Bug 1268593 for CVE-2026-48618",
"url": "https://bugzilla.suse.com/1268593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "important"
}
],
"title": "CVE-2026-48618"
},
{
"cve": "CVE-2026-48619",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48619"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48619",
"url": "https://www.suse.com/security/cve/CVE-2026-48619"
},
{
"category": "external",
"summary": "SUSE Bug 1268618 for CVE-2026-48619",
"url": "https://bugzilla.suse.com/1268618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-48619"
},
{
"cve": "CVE-2026-48928",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48928"
}
],
"notes": [
{
"category": "general",
"text": "A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48928",
"url": "https://www.suse.com/security/cve/CVE-2026-48928"
},
{
"category": "external",
"summary": "SUSE Bug 1268605 for CVE-2026-48928",
"url": "https://bugzilla.suse.com/1268605"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-48928"
},
{
"cve": "CVE-2026-48930",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48930"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48930",
"url": "https://www.suse.com/security/cve/CVE-2026-48930"
},
{
"category": "external",
"summary": "SUSE Bug 1268606 for CVE-2026-48930",
"url": "https://bugzilla.suse.com/1268606"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-48930"
},
{
"cve": "CVE-2026-48931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48931"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48931",
"url": "https://www.suse.com/security/cve/CVE-2026-48931"
},
{
"category": "external",
"summary": "SUSE Bug 1268611 for CVE-2026-48931",
"url": "https://bugzilla.suse.com/1268611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "low"
}
],
"title": "CVE-2026-48931"
},
{
"cve": "CVE-2026-48933",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48933"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multiple of 2GiB.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48933",
"url": "https://www.suse.com/security/cve/CVE-2026-48933"
},
{
"category": "external",
"summary": "SUSE Bug 1268592 for CVE-2026-48933",
"url": "https://bugzilla.suse.com/1268592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "important"
}
],
"title": "CVE-2026-48933"
},
{
"cve": "CVE-2026-48934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48934"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48934",
"url": "https://www.suse.com/security/cve/CVE-2026-48934"
},
{
"category": "external",
"summary": "SUSE Bug 1268608 for CVE-2026-48934",
"url": "https://bugzilla.suse.com/1268608"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-48934"
},
{
"cve": "CVE-2026-48935",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48935"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. `--allow-fs-read`.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48935",
"url": "https://www.suse.com/security/cve/CVE-2026-48935"
},
{
"category": "external",
"summary": "SUSE Bug 1268609 for CVE-2026-48935",
"url": "https://bugzilla.suse.com/1268609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-48935"
},
{
"cve": "CVE-2026-48937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48937"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a `GOAWAY` frame. This vulnerability affects two supported release lines: **Node.js 22** and **Node.js 24**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48937",
"url": "https://www.suse.com/security/cve/CVE-2026-48937"
},
{
"category": "external",
"summary": "SUSE Bug 1268555 for CVE-2026-48937",
"url": "https://bugzilla.suse.com/1268555"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-48937"
},
{
"cve": "CVE-2026-6733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-6733"
}
],
"notes": [
{
"category": "general",
"text": "Impact:\nUndici\u0027s HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it associates the injected response with the new request, causing responses to be delivered to the wrong requests.\n\nThis requires an attacker-controlled or compromised upstream HTTP/1.1 server and keep-alive connection reuse.\n\nPatches:\nUpgrade to undici v6.26.0, v7.28.0 or v8.5.0.\n\nWorkarounds:\nDisable keep-alive connection reuse by setting keepAliveTimeout: 0 on the Client or Pool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-6733",
"url": "https://www.suse.com/security/cve/CVE-2026-6733"
},
{
"category": "external",
"summary": "SUSE Bug 1268479 for CVE-2026-6733",
"url": "https://bugzilla.suse.com/1268479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "low"
}
],
"title": "CVE-2026-6733"
},
{
"cve": "CVE-2026-9496",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-9496"
}
],
"notes": [
{
"category": "general",
"text": "Versions of the package pacote from 11.2.7 and before 21.5.1 are vulnerable to Denial of Service (DoS) via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function\u0027s regex replacement and string-manipulation logic, causing excessive CPU consumption and potentially stalling or crashing the process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-9496",
"url": "https://www.suse.com/security/cve/CVE-2026-9496"
},
{
"category": "external",
"summary": "SUSE Bug 1266318 for CVE-2026-9496",
"url": "https://bugzilla.suse.com/1266318"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-9496"
},
{
"cve": "CVE-2026-9679",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-9679"
}
],
"notes": [
{
"category": "general",
"text": "Impact:\nundici\u0027s cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and %3D into their literal byte equivalents. RFC 6265 5.4 does not specify any decoding and browsers do not decode either.\n\nApplications that parse a Set-Cookie header and then forward the parsed value into a response header (proxies, middleware, SSR frameworks) become vulnerable to HTTP response header injection: an attacker-controlled upstream can inject arbitrary Set-Cookie, Location, or Cache-Control headers into the application\u0027s downstream response, enabling session fixation, open redirect, or cache poisoning.\n\nAffected applications are those that use undici\u0027s cookie parsing (parseSetCookie, parseCookie, getSetCookies) and forward the parsed cookie value into a response header.\n\nThis was introduced in undici 7.0.0 via PR #3789.\n\nPatches:\nUpgrade to undici v6.26.0, v7.28.0 or v8.5.0.\n\nWorkarounds:\nIf upgrade is not immediately possible, do not forward values returned by parseSetCookie/parseCookie/getSetCookies directly into response headers; sanitize the value first to strip or reject CR, LF, NUL, ;, and = bytes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-9679",
"url": "https://www.suse.com/security/cve/CVE-2026-9679"
},
{
"category": "external",
"summary": "SUSE Bug 1268477 for CVE-2026-9679",
"url": "https://bugzilla.suse.com/1268477"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:npm22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:corepack22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-devel-22.23.0-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:nodejs22-docs-22.23.0-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:npm22-22.23.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:57:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-9679"
}
]
}
SUSE-SU-2026:2647-1
Vulnerability from csaf_suse - Published: 2026-06-26 10:34 - Updated: 2026-06-26 10:34| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs22",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs22 fixes the following issues\n\nUpdate to 22.23.0:\n\n- CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response\n delivery (bsc#1268479).\n- CVE-2026-9496: pacote: excessive CPU consumption in `addGitSha` when processing a specially crafted `spec.rawSpec`\n value can lead to DoS (bsc#1266318).\n- CVE-2026-9679: undici: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding (bsc#1268477).\n- CVE-2026-11525: undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header\n (bsc#1268481).\n- CVE-2026-12151: undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames (bsc#1268482).\n- CVE-2026-27135: nghttp2: assertion failure due to missing state validation can lead to DoS (bsc#1259853).\n- CVE-2026-40170: ngtcp2: qlog parameters_set stack buffer overflow (bsc#1262274).\n- CVE-2026-42338: ip-address: Cross-site scripting via improper HTML escaping of untrusted input (bsc#1268097).\n- CVE-2026-48615: Proxy credentials leaked in ERR_PROXY_TUNNEL error message (bsc#1268598).\n- CVE-2026-48617: permission model enforcement bypass via `process.report.writeReport()` path misvalidation\n (bsc#1268554).\n- CVE-2026-48618: Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to\n resolver and verifier hostname normalization mismatch (bsc#1268593).\n- CVE-2026-48619: Unbounded memory growth in node:http2 clients via attacker-controlled ORIGIN frames (bsc#1268618).\n- CVE-2026-48928: Uppercase sni context matching can lead to mtls authorization bypass due to case-sensitive hostname\n matching (bsc#1268605).\n- CVE-2026-48930: Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver\n bindings (bsc#1268606).\n- CVE-2026-48931: HTTP Response Queue Poisoning via TOCTOU Race Condition in http.Agent (bsc#1268611).\n- CVE-2026-48933: Node.js WebCrypto AES Integer Overflow Leads to Remote Process Abort (bsc#1268592).\n- CVE-2026-48934: TLS host identity verification bypass via session reuse with different servername leads to\n unauthorized connections (bsc#1268608).\n- CVE-2026-48935: Permission Model bypass via FileHandle.utimes() in the promises API (bsc#1268609).\n- CVE-2026-48937: servers keep accepting data even after sending a `GOAWAY` frame (bsc#1268555).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-2647,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2647,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2647",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2647-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:2647-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262647-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:2647-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047643.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259853",
"url": "https://bugzilla.suse.com/1259853"
},
{
"category": "self",
"summary": "SUSE Bug 1262274",
"url": "https://bugzilla.suse.com/1262274"
},
{
"category": "self",
"summary": "SUSE Bug 1266318",
"url": "https://bugzilla.suse.com/1266318"
},
{
"category": "self",
"summary": "SUSE Bug 1268097",
"url": "https://bugzilla.suse.com/1268097"
},
{
"category": "self",
"summary": "SUSE Bug 1268477",
"url": "https://bugzilla.suse.com/1268477"
},
{
"category": "self",
"summary": "SUSE Bug 1268479",
"url": "https://bugzilla.suse.com/1268479"
},
{
"category": "self",
"summary": "SUSE Bug 1268481",
"url": "https://bugzilla.suse.com/1268481"
},
{
"category": "self",
"summary": "SUSE Bug 1268482",
"url": "https://bugzilla.suse.com/1268482"
},
{
"category": "self",
"summary": "SUSE Bug 1268554",
"url": "https://bugzilla.suse.com/1268554"
},
{
"category": "self",
"summary": "SUSE Bug 1268555",
"url": "https://bugzilla.suse.com/1268555"
},
{
"category": "self",
"summary": "SUSE Bug 1268592",
"url": "https://bugzilla.suse.com/1268592"
},
{
"category": "self",
"summary": "SUSE Bug 1268593",
"url": "https://bugzilla.suse.com/1268593"
},
{
"category": "self",
"summary": "SUSE Bug 1268598",
"url": "https://bugzilla.suse.com/1268598"
},
{
"category": "self",
"summary": "SUSE Bug 1268605",
"url": "https://bugzilla.suse.com/1268605"
},
{
"category": "self",
"summary": "SUSE Bug 1268606",
"url": "https://bugzilla.suse.com/1268606"
},
{
"category": "self",
"summary": "SUSE Bug 1268608",
"url": "https://bugzilla.suse.com/1268608"
},
{
"category": "self",
"summary": "SUSE Bug 1268609",
"url": "https://bugzilla.suse.com/1268609"
},
{
"category": "self",
"summary": "SUSE Bug 1268611",
"url": "https://bugzilla.suse.com/1268611"
},
{
"category": "self",
"summary": "SUSE Bug 1268618",
"url": "https://bugzilla.suse.com/1268618"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-11525 page",
"url": "https://www.suse.com/security/cve/CVE-2026-11525/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-12151 page",
"url": "https://www.suse.com/security/cve/CVE-2026-12151/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27135 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-40170 page",
"url": "https://www.suse.com/security/cve/CVE-2026-40170/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42338 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48615 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48615/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48617 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48618 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48619 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48619/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48928 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48928/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48930 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48930/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48931 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48931/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48933 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48933/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48934 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48935 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48935/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48937 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-6733 page",
"url": "https://www.suse.com/security/cve/CVE-2026-6733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-9496 page",
"url": "https://www.suse.com/security/cve/CVE-2026-9496/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-9679 page",
"url": "https://www.suse.com/security/cve/CVE-2026-9679/"
}
],
"title": "Security update for nodejs22",
"tracking": {
"current_release_date": "2026-06-26T10:34:05Z",
"generator": {
"date": "2026-06-26T10:34:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:2647-1",
"initial_release_date": "2026-06-26T10:34:05Z",
"revision_history": [
{
"date": "2026-06-26T10:34:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.23.0-150600.13.18.1.aarch64",
"product": {
"name": "corepack22-22.23.0-150600.13.18.1.aarch64",
"product_id": "corepack22-22.23.0-150600.13.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs22-22.23.0-150600.13.18.1.aarch64",
"product": {
"name": "nodejs22-22.23.0-150600.13.18.1.aarch64",
"product_id": "nodejs22-22.23.0-150600.13.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"product": {
"name": "nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"product_id": "nodejs22-devel-22.23.0-150600.13.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm22-22.23.0-150600.13.18.1.aarch64",
"product": {
"name": "npm22-22.23.0-150600.13.18.1.aarch64",
"product_id": "npm22-22.23.0-150600.13.18.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.23.0-150600.13.18.1.i586",
"product": {
"name": "corepack22-22.23.0-150600.13.18.1.i586",
"product_id": "corepack22-22.23.0-150600.13.18.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs22-22.23.0-150600.13.18.1.i586",
"product": {
"name": "nodejs22-22.23.0-150600.13.18.1.i586",
"product_id": "nodejs22-22.23.0-150600.13.18.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.23.0-150600.13.18.1.i586",
"product": {
"name": "nodejs22-devel-22.23.0-150600.13.18.1.i586",
"product_id": "nodejs22-devel-22.23.0-150600.13.18.1.i586"
}
},
{
"category": "product_version",
"name": "npm22-22.23.0-150600.13.18.1.i586",
"product": {
"name": "npm22-22.23.0-150600.13.18.1.i586",
"product_id": "npm22-22.23.0-150600.13.18.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"product": {
"name": "nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"product_id": "nodejs22-docs-22.23.0-150600.13.18.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.23.0-150600.13.18.1.ppc64le",
"product": {
"name": "corepack22-22.23.0-150600.13.18.1.ppc64le",
"product_id": "corepack22-22.23.0-150600.13.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs22-22.23.0-150600.13.18.1.ppc64le",
"product": {
"name": "nodejs22-22.23.0-150600.13.18.1.ppc64le",
"product_id": "nodejs22-22.23.0-150600.13.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"product": {
"name": "nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"product_id": "nodejs22-devel-22.23.0-150600.13.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm22-22.23.0-150600.13.18.1.ppc64le",
"product": {
"name": "npm22-22.23.0-150600.13.18.1.ppc64le",
"product_id": "npm22-22.23.0-150600.13.18.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.23.0-150600.13.18.1.s390x",
"product": {
"name": "corepack22-22.23.0-150600.13.18.1.s390x",
"product_id": "corepack22-22.23.0-150600.13.18.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs22-22.23.0-150600.13.18.1.s390x",
"product": {
"name": "nodejs22-22.23.0-150600.13.18.1.s390x",
"product_id": "nodejs22-22.23.0-150600.13.18.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"product": {
"name": "nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"product_id": "nodejs22-devel-22.23.0-150600.13.18.1.s390x"
}
},
{
"category": "product_version",
"name": "npm22-22.23.0-150600.13.18.1.s390x",
"product": {
"name": "npm22-22.23.0-150600.13.18.1.s390x",
"product_id": "npm22-22.23.0-150600.13.18.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.23.0-150600.13.18.1.x86_64",
"product": {
"name": "corepack22-22.23.0-150600.13.18.1.x86_64",
"product_id": "corepack22-22.23.0-150600.13.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs22-22.23.0-150600.13.18.1.x86_64",
"product": {
"name": "nodejs22-22.23.0-150600.13.18.1.x86_64",
"product_id": "nodejs22-22.23.0-150600.13.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"product": {
"name": "nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"product_id": "nodejs22-devel-22.23.0-150600.13.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm22-22.23.0-150600.13.18.1.x86_64",
"product": {
"name": "npm22-22.23.0-150600.13.18.1.x86_64",
"product_id": "npm22-22.23.0-150600.13.18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP6",
"product_id": "SUSE Linux Enterprise Server 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-150600.13.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64"
},
"product_reference": "nodejs22-22.23.0-150600.13.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-150600.13.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le"
},
"product_reference": "nodejs22-22.23.0-150600.13.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-150600.13.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x"
},
"product_reference": "nodejs22-22.23.0-150600.13.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-150600.13.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64"
},
"product_reference": "nodejs22-22.23.0-150600.13.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-150600.13.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64"
},
"product_reference": "nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-150600.13.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le"
},
"product_reference": "nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-150600.13.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x"
},
"product_reference": "nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-150600.13.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64"
},
"product_reference": "nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-docs-22.23.0-150600.13.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch"
},
"product_reference": "nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-150600.13.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64"
},
"product_reference": "npm22-22.23.0-150600.13.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-150600.13.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le"
},
"product_reference": "npm22-22.23.0-150600.13.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-150600.13.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x"
},
"product_reference": "npm22-22.23.0-150600.13.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-150600.13.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64"
},
"product_reference": "npm22-22.23.0-150600.13.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-150600.13.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64"
},
"product_reference": "nodejs22-22.23.0-150600.13.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-150600.13.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le"
},
"product_reference": "nodejs22-22.23.0-150600.13.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-150600.13.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x"
},
"product_reference": "nodejs22-22.23.0-150600.13.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-150600.13.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64"
},
"product_reference": "nodejs22-22.23.0-150600.13.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-150600.13.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64"
},
"product_reference": "nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-150600.13.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le"
},
"product_reference": "nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-150600.13.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x"
},
"product_reference": "nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-150600.13.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64"
},
"product_reference": "nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-docs-22.23.0-150600.13.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch"
},
"product_reference": "nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-150600.13.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64"
},
"product_reference": "npm22-22.23.0-150600.13.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-150600.13.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le"
},
"product_reference": "npm22-22.23.0-150600.13.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-150600.13.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x"
},
"product_reference": "npm22-22.23.0-150600.13.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-150600.13.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
},
"product_reference": "npm22-22.23.0-150600.13.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-150600.13.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le"
},
"product_reference": "nodejs22-22.23.0-150600.13.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.23.0-150600.13.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64"
},
"product_reference": "nodejs22-22.23.0-150600.13.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-150600.13.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le"
},
"product_reference": "nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.23.0-150600.13.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64"
},
"product_reference": "nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-docs-22.23.0-150600.13.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch"
},
"product_reference": "nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-150600.13.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le"
},
"product_reference": "npm22-22.23.0-150600.13.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.23.0-150600.13.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
},
"product_reference": "npm22-22.23.0-150600.13.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-11525",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-11525"
}
],
"notes": [
{
"category": "general",
"text": "Impact:\nWhen undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the case-insensitive exact match specified by RFC 6265. Non-spec values are silently mapped to one of the three standard tokens. For example, SameSite=NoneOfYourBusiness is parsed as None (the most permissive setting), and SameSite=StrictLax is parsed as Lax (a downgrade from Strict).\n\nAffected applications are those that consume Set-Cookie headers from server responses (for example via undici\u0027s fetch or proxy code paths) and then forward or rely on the parsed sameSite attribute. A malicious or non-compliant server can coerce the consumer\u0027s view of a cookie\u0027s SameSite policy to a weaker value, silently degrading the SameSite enforcement the cookie is supposed to provide.\n\nThis was introduced in undici 5.15.0 when the cookies feature was added.\n\nPatches:\nUpgrade to undici v6.26.0, v7.28.0 or v8.5.0.\n\nWorkarounds:\nAfter parsing a Set-Cookie header, validate that the resulting sameSite attribute is one of \u0027Strict\u0027, \u0027Lax\u0027, or \u0027None\u0027 (exact, case-insensitive) before forwarding or relying on it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-11525",
"url": "https://www.suse.com/security/cve/CVE-2026-11525"
},
{
"category": "external",
"summary": "SUSE Bug 1268481 for CVE-2026-11525",
"url": "https://bugzilla.suse.com/1268481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "low"
}
],
"title": "CVE-2026-11525"
},
{
"cve": "CVE-2026-12151",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-12151"
}
],
"notes": [
{
"category": "general",
"text": "Impact:\nThe undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size validation, collectively causing unbounded memory growth in the client process. The result is memory exhaustion and a denial of service.\n\nAffected applications are those using the undici WebSocket client (new WebSocket(...)) or the WebSocketStream API that can be induced to connect to an attacker-controlled or compromised WebSocket endpoint.\n\nAll releases starting at undici 6.17.0 are affected.\n\nPatches: Upgrade to undici \u003e= 6.26.0, \u003e= 7.28.0, or \u003e= 8.5.0. Workarounds:\nNo workaround is available. The fix must be applied through an upgrade.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-12151",
"url": "https://www.suse.com/security/cve/CVE-2026-12151"
},
{
"category": "external",
"summary": "SUSE Bug 1268482 for CVE-2026-12151",
"url": "https://bugzilla.suse.com/1268482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "moderate"
}
],
"title": "CVE-2026-12151"
},
{
"cve": "CVE-2026-27135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27135"
}
],
"notes": [
{
"category": "general",
"text": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27135",
"url": "https://www.suse.com/security/cve/CVE-2026-27135"
},
{
"category": "external",
"summary": "SUSE Bug 1259835 for CVE-2026-27135",
"url": "https://bugzilla.suse.com/1259835"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "important"
}
],
"title": "CVE-2026-27135"
},
{
"cve": "CVE-2026-40170",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-40170"
}
],
"notes": [
{
"category": "general",
"text": "ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport parameters during the QUIC handshake to cause writes beyond the buffer boundary, resulting in a stack buffer overflow. This affects deployments that enable the qlog callback and process untrusted peer transport parameters. This issue has been fixed in version 1.22.1. If developers are unable to immediately upgrade, they can disable the qlog on client.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-40170",
"url": "https://www.suse.com/security/cve/CVE-2026-40170"
},
{
"category": "external",
"summary": "SUSE Bug 1262273 for CVE-2026-40170",
"url": "https://bugzilla.suse.com/1262273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "important"
}
],
"title": "CVE-2026-40170"
},
{
"cve": "CVE-2026-42338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42338"
}
],
"notes": [
{
"category": "general",
"text": "ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group() and Address6.link() do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage (emitted by the Address6 constructor for invalid input) can contain unescaped attacker-controlled content in one branch. An application that (1) passes untrusted input to Address6 and (2) renders the output of these methods, or the thrown error\u0027s parseMessage, as HTML (e.g. via innerHTML) is vulnerable to cross-site scripting. This vulnerability is fixed in 10.1.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42338",
"url": "https://www.suse.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "SUSE Bug 1268097 for CVE-2026-42338",
"url": "https://bugzilla.suse.com/1268097"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "moderate"
}
],
"title": "CVE-2026-42338"
},
{
"cve": "CVE-2026-48615",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48615"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages.\r\n\r\nWhen proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48615",
"url": "https://www.suse.com/security/cve/CVE-2026-48615"
},
{
"category": "external",
"summary": "SUSE Bug 1268598 for CVE-2026-48615",
"url": "https://bugzilla.suse.com/1268598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "important"
}
],
"title": "CVE-2026-48615"
},
{
"cve": "CVE-2026-48617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48617"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js Permission Model enforcement allows Bypass via `process.report.writeReport()` Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48617",
"url": "https://www.suse.com/security/cve/CVE-2026-48617"
},
{
"category": "external",
"summary": "SUSE Bug 1268554 for CVE-2026-48617",
"url": "https://bugzilla.suse.com/1268554"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "moderate"
}
],
"title": "CVE-2026-48617"
},
{
"cve": "CVE-2026-48618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48618"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat.\r\n\r\nThis can lead to confidentiality impact or bypass of the intended security boundary under affected configurations.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48618",
"url": "https://www.suse.com/security/cve/CVE-2026-48618"
},
{
"category": "external",
"summary": "SUSE Bug 1268593 for CVE-2026-48618",
"url": "https://bugzilla.suse.com/1268593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "important"
}
],
"title": "CVE-2026-48618"
},
{
"cve": "CVE-2026-48619",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48619"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48619",
"url": "https://www.suse.com/security/cve/CVE-2026-48619"
},
{
"category": "external",
"summary": "SUSE Bug 1268618 for CVE-2026-48619",
"url": "https://bugzilla.suse.com/1268618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "moderate"
}
],
"title": "CVE-2026-48619"
},
{
"cve": "CVE-2026-48928",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48928"
}
],
"notes": [
{
"category": "general",
"text": "A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48928",
"url": "https://www.suse.com/security/cve/CVE-2026-48928"
},
{
"category": "external",
"summary": "SUSE Bug 1268605 for CVE-2026-48928",
"url": "https://bugzilla.suse.com/1268605"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "moderate"
}
],
"title": "CVE-2026-48928"
},
{
"cve": "CVE-2026-48930",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48930"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48930",
"url": "https://www.suse.com/security/cve/CVE-2026-48930"
},
{
"category": "external",
"summary": "SUSE Bug 1268606 for CVE-2026-48930",
"url": "https://bugzilla.suse.com/1268606"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "moderate"
}
],
"title": "CVE-2026-48930"
},
{
"cve": "CVE-2026-48931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48931"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48931",
"url": "https://www.suse.com/security/cve/CVE-2026-48931"
},
{
"category": "external",
"summary": "SUSE Bug 1268611 for CVE-2026-48931",
"url": "https://bugzilla.suse.com/1268611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "low"
}
],
"title": "CVE-2026-48931"
},
{
"cve": "CVE-2026-48933",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48933"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multiple of 2GiB.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48933",
"url": "https://www.suse.com/security/cve/CVE-2026-48933"
},
{
"category": "external",
"summary": "SUSE Bug 1268592 for CVE-2026-48933",
"url": "https://bugzilla.suse.com/1268592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "important"
}
],
"title": "CVE-2026-48933"
},
{
"cve": "CVE-2026-48934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48934"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48934",
"url": "https://www.suse.com/security/cve/CVE-2026-48934"
},
{
"category": "external",
"summary": "SUSE Bug 1268608 for CVE-2026-48934",
"url": "https://bugzilla.suse.com/1268608"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "moderate"
}
],
"title": "CVE-2026-48934"
},
{
"cve": "CVE-2026-48935",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48935"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. `--allow-fs-read`.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48935",
"url": "https://www.suse.com/security/cve/CVE-2026-48935"
},
{
"category": "external",
"summary": "SUSE Bug 1268609 for CVE-2026-48935",
"url": "https://bugzilla.suse.com/1268609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "moderate"
}
],
"title": "CVE-2026-48935"
},
{
"cve": "CVE-2026-48937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48937"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a `GOAWAY` frame. This vulnerability affects two supported release lines: **Node.js 22** and **Node.js 24**.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48937",
"url": "https://www.suse.com/security/cve/CVE-2026-48937"
},
{
"category": "external",
"summary": "SUSE Bug 1268555 for CVE-2026-48937",
"url": "https://bugzilla.suse.com/1268555"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "moderate"
}
],
"title": "CVE-2026-48937"
},
{
"cve": "CVE-2026-6733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-6733"
}
],
"notes": [
{
"category": "general",
"text": "Impact:\nUndici\u0027s HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it associates the injected response with the new request, causing responses to be delivered to the wrong requests.\n\nThis requires an attacker-controlled or compromised upstream HTTP/1.1 server and keep-alive connection reuse.\n\nPatches:\nUpgrade to undici v6.26.0, v7.28.0 or v8.5.0.\n\nWorkarounds:\nDisable keep-alive connection reuse by setting keepAliveTimeout: 0 on the Client or Pool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-6733",
"url": "https://www.suse.com/security/cve/CVE-2026-6733"
},
{
"category": "external",
"summary": "SUSE Bug 1268479 for CVE-2026-6733",
"url": "https://bugzilla.suse.com/1268479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "low"
}
],
"title": "CVE-2026-6733"
},
{
"cve": "CVE-2026-9496",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-9496"
}
],
"notes": [
{
"category": "general",
"text": "Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service (DoS) via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function\u0027s regex replacement and string-manipulation logic, causing excessive CPU consumption and potentially stalling or crashing the process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-9496",
"url": "https://www.suse.com/security/cve/CVE-2026-9496"
},
{
"category": "external",
"summary": "SUSE Bug 1266318 for CVE-2026-9496",
"url": "https://bugzilla.suse.com/1266318"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "moderate"
}
],
"title": "CVE-2026-9496"
},
{
"cve": "CVE-2026-9679",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-9679"
}
],
"notes": [
{
"category": "general",
"text": "Impact:\nundici\u0027s cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and %3D into their literal byte equivalents. RFC 6265 5.4 does not specify any decoding and browsers do not decode either.\n\nApplications that parse a Set-Cookie header and then forward the parsed value into a response header (proxies, middleware, SSR frameworks) become vulnerable to HTTP response header injection: an attacker-controlled upstream can inject arbitrary Set-Cookie, Location, or Cache-Control headers into the application\u0027s downstream response, enabling session fixation, open redirect, or cache poisoning.\n\nAffected applications are those that use undici\u0027s cookie parsing (parseSetCookie, parseCookie, getSetCookies) and forward the parsed cookie value into a response header.\n\nThis was introduced in undici 7.0.0 via PR #3789.\n\nPatches:\nUpgrade to undici v6.26.0, v7.28.0 or v8.5.0.\n\nWorkarounds:\nIf upgrade is not immediately possible, do not forward values returned by parseSetCookie/parseCookie/getSetCookies directly into response headers; sanitize the value first to strip or reject CR, LF, NUL, ;, and = bytes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-9679",
"url": "https://www.suse.com/security/cve/CVE-2026-9679"
},
{
"category": "external",
"summary": "SUSE Bug 1268477 for CVE-2026-9679",
"url": "https://bugzilla.suse.com/1268477"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-devel-22.23.0-150600.13.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nodejs22-docs-22.23.0-150600.13.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:npm22-22.23.0-150600.13.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-26T10:34:05Z",
"details": "moderate"
}
],
"title": "CVE-2026-9679"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.