Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-25223 (GCVE-0-2026-25223)
Vulnerability from cvelistv5 – Published: 2026-02-03 21:21 – Updated: 2026-02-04 21:18
VLAI?
EPSS
Title
Fastify's Content-Type header tab character allows body validation bypass
Summary
Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character (\t) followed by arbitrary content to the Content-Type header, attackers can bypass body validation while the server still processes the body as the original content type. This issue has been patched in version 5.7.2.
Severity ?
7.5 (High)
CWE
- CWE-436 - Interpretation Conflict
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25223",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T21:18:10.359742Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T21:18:16.693Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fastify",
"vendor": "fastify",
"versions": [
{
"status": "affected",
"version": "\u003c 5.7.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character (\\t) followed by arbitrary content to the Content-Type header, attackers can bypass body validation while the server still processes the body as the original content type. This issue has been patched in version 5.7.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-436",
"description": "CWE-436: Interpretation Conflict",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T21:21:40.268Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/fastify/fastify/security/advisories/GHSA-jx2c-rxcm-jvmq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/fastify/fastify/security/advisories/GHSA-jx2c-rxcm-jvmq"
},
{
"name": "https://github.com/fastify/fastify/commit/32d7b6add39ddf082d92579a58bea7018c5ac821",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fastify/fastify/commit/32d7b6add39ddf082d92579a58bea7018c5ac821"
},
{
"name": "https://hackerone.com/reports/3464114",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/3464114"
},
{
"name": "https://fastify.dev/docs/latest/Reference/Validation-and-Serialization",
"tags": [
"x_refsource_MISC"
],
"url": "https://fastify.dev/docs/latest/Reference/Validation-and-Serialization"
},
{
"name": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/content-type-parser.js#L125",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/content-type-parser.js#L125"
},
{
"name": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/validation.js#L272",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/validation.js#L272"
}
],
"source": {
"advisory": "GHSA-jx2c-rxcm-jvmq",
"discovery": "UNKNOWN"
},
"title": "Fastify\u0027s Content-Type header tab character allows body validation bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25223",
"datePublished": "2026-02-03T21:21:40.268Z",
"dateReserved": "2026-01-30T14:44:47.327Z",
"dateUpdated": "2026-02-04T21:18:16.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-25223\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-02-03T22:16:31.130\",\"lastModified\":\"2026-02-10T20:05:15.127\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character (\\\\t) followed by arbitrary content to the Content-Type header, attackers can bypass body validation while the server still processes the body as the original content type. This issue has been patched in version 5.7.2.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-436\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fastify:fastify:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"5.7.2\",\"matchCriteriaId\":\"51FAFCEB-4FBC-4777-BC6D-91713CA5828A\"}]}]}],\"references\":[{\"url\":\"https://fastify.dev/docs/latest/Reference/Validation-and-Serialization\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\",\"Technical Description\"]},{\"url\":\"https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/content-type-parser.js#L125\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/validation.js#L272\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/fastify/fastify/commit/32d7b6add39ddf082d92579a58bea7018c5ac821\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/fastify/fastify/security/advisories/GHSA-jx2c-rxcm-jvmq\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\",\"Mitigation\"]},{\"url\":\"https://hackerone.com/reports/3464114\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Permissions Required\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-25223\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-04T21:18:10.359742Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-04T21:18:14.142Z\"}}], \"cna\": {\"title\": \"Fastify\u0027s Content-Type header tab character allows body validation bypass\", \"source\": {\"advisory\": \"GHSA-jx2c-rxcm-jvmq\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"fastify\", \"product\": \"fastify\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 5.7.2\"}]}], \"references\": [{\"url\": \"https://github.com/fastify/fastify/security/advisories/GHSA-jx2c-rxcm-jvmq\", \"name\": \"https://github.com/fastify/fastify/security/advisories/GHSA-jx2c-rxcm-jvmq\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/fastify/fastify/commit/32d7b6add39ddf082d92579a58bea7018c5ac821\", \"name\": \"https://github.com/fastify/fastify/commit/32d7b6add39ddf082d92579a58bea7018c5ac821\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://hackerone.com/reports/3464114\", \"name\": \"https://hackerone.com/reports/3464114\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://fastify.dev/docs/latest/Reference/Validation-and-Serialization\", \"name\": \"https://fastify.dev/docs/latest/Reference/Validation-and-Serialization\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/content-type-parser.js#L125\", \"name\": \"https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/content-type-parser.js#L125\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/validation.js#L272\", \"name\": \"https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/validation.js#L272\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character (\\\\t) followed by arbitrary content to the Content-Type header, attackers can bypass body validation while the server still processes the body as the original content type. This issue has been patched in version 5.7.2.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-436\", \"description\": \"CWE-436: Interpretation Conflict\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-02-03T21:21:40.268Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-25223\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-04T21:18:16.693Z\", \"dateReserved\": \"2026-01-30T14:44:47.327Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-02-03T21:21:40.268Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
GHSA-JX2C-RXCM-JVMQ
Vulnerability from github – Published: 2026-02-02 22:23 – Updated: 2026-02-04 17:46
VLAI?
Summary
Fastify's Content-Type header tab character allows body validation bypass
Details
Impact
A validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character (\t) followed by arbitrary content to the Content-Type header, attackers can bypass body validation while the server still processes the body as the original content type.
For example, a request with Content-Type: application/json\ta will bypass JSON schema validation but still be parsed as JSON.
This vulnerability affects all Fastify users who rely on Content-Type-based body validation schemas to enforce data integrity or security constraints. The concrete impact depends on the handler implementation and the level of trust placed in the validated request body, but at the library level, this allows complete bypass of body validation for any handler using Content-Type-discriminated schemas.
This issue is a regression or missed edge case from the fix for a previously reported vulnerability.
Patches
This vulnerability has been patched in Fastify v5.7.2. All users should upgrade to this version or later immediately.
Workarounds
If upgrading is not immediately possible, user can implement a custom onRequest hook to reject requests containing tab characters in the Content-Type header:
fastify.addHook('onRequest', async (request, reply) => {
const contentType = request.headers['content-type']
if (contentType && contentType.includes('\t')) {
reply.code(400).send({ error: 'Invalid Content-Type header' })
}
})
Resources
- https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/validation.js#L272
- https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/content-type-parser.js#L125
- Fastify Validation and Serialization Documentation
- https://hackerone.com/reports/3464114
Severity ?
7.5 (High)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "fastify"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.7.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-25223"
],
"database_specific": {
"cwe_ids": [
"CWE-436"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-02T22:23:29Z",
"nvd_published_at": "2026-02-03T22:16:31Z",
"severity": "HIGH"
},
"details": "### Impact\n\nA validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character (`\\t`) followed by arbitrary content to the Content-Type header, attackers can bypass body validation while the server still processes the body as the original content type.\n\nFor example, a request with `Content-Type: application/json\\ta` will bypass JSON schema validation but still be parsed as JSON.\n\nThis vulnerability affects all Fastify users who rely on Content-Type-based body validation schemas to enforce data integrity or security constraints. The concrete impact depends on the handler implementation and the level of trust placed in the validated request body, but at the library level, this allows complete bypass of body validation for any handler using Content-Type-discriminated schemas.\n\nThis issue is a regression or missed edge case from the fix for a previously reported vulnerability.\n\n### Patches\n\nThis vulnerability has been patched in **Fastify v5.7.2**. All users should upgrade to this version or later immediately.\n\n### Workarounds\n\nIf upgrading is not immediately possible, user can implement a custom `onRequest` hook to reject requests containing tab characters in the Content-Type header:\n\n```javascript\nfastify.addHook(\u0027onRequest\u0027, async (request, reply) =\u003e {\n const contentType = request.headers[\u0027content-type\u0027]\n if (contentType \u0026\u0026 contentType.includes(\u0027\\t\u0027)) {\n reply.code(400).send({ error: \u0027Invalid Content-Type header\u0027 })\n }\n})\n```\n\n### Resources\n\n- https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/validation.js#L272\n- https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/content-type-parser.js#L125\n- [Fastify Validation and Serialization Documentation](https://fastify.dev/docs/latest/Reference/Validation-and-Serialization/)\n- https://hackerone.com/reports/3464114",
"id": "GHSA-jx2c-rxcm-jvmq",
"modified": "2026-02-04T17:46:02Z",
"published": "2026-02-02T22:23:29Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/fastify/fastify/security/advisories/GHSA-jx2c-rxcm-jvmq"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25223"
},
{
"type": "WEB",
"url": "https://github.com/fastify/fastify/commit/32d7b6add39ddf082d92579a58bea7018c5ac821"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/3464114"
},
{
"type": "WEB",
"url": "https://fastify.dev/docs/latest/Reference/Validation-and-Serialization"
},
{
"type": "PACKAGE",
"url": "https://github.com/fastify/fastify"
},
{
"type": "WEB",
"url": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/content-type-parser.js#L125"
},
{
"type": "WEB",
"url": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/validation.js#L272"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Fastify\u0027s Content-Type header tab character allows body validation bypass"
}
RHSA-2026:5807
Vulnerability from csaf_redhat - Published: 2026-03-25 12:32 - Updated: 2026-04-02 08:27Summary
Red Hat Security Advisory: RHOAI 2.16.4 - Red Hat OpenShift AI
Severity
Important
Notes
Topic: Updated images are now available for Red Hat OpenShift AI.
Details: Release of RHOAI 2.16.4 provides these changes:
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A local privilege escalation vulnerability has been discovered in containerd. This vulnerability is the result of an overly broad default permission which allows local users on the host to potentially access the metadata store, the content store and the contents of Kubernetes local volumes. The contents of volumes might include setuid binaries, which could allow a local user on the host to elevate privileges on the host.
7.7 (High)
Vendor Fix
For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.redhat.com/en/documentation/red_hat_openshift_ai/
https://access.redhat.com/errata/RHSA-2026:5807
Workaround
The system administrator on the host can manually chmod the directories to not
have group or world accessible permissions:
```
chmod 700 /var/lib/containerd
chmod 700 /run/containerd/io.containerd.grpc.v1.cri
chmod 700 /run/containerd/io.containerd.sandbox.controller.v1.shim
```
An alternative mitigation would be to run containerd in rootless mode.
A command injection vulnerability was discovered in the TrustyAI Explainability toolkit. Arbitrary commands placed in certain fields of a LMEValJob custom resource (CR) may be executed in the LMEvalJob pod's terminal. This issue can be exploited via a maliciously crafted LMEvalJob by a user with permissions to deploy a CR.
5.9 (Medium)
Vendor Fix
For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.redhat.com/en/documentation/red_hat_openshift_ai/
https://access.redhat.com/errata/RHSA-2026:5807
A path traversal flaw has been discovered in the keras Python library. when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special symlinks, which, when extracted, allows them to write arbitrary files to any location on the filesystem outside of the intended destination folder.
8.3 (High)
Vendor Fix
For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.redhat.com/en/documentation/red_hat_openshift_ai/
https://access.redhat.com/errata/RHSA-2026:5807
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A path traversal flaw has been discovered in Keras. The vulnerability arises because the function uses Python's tarfile.extractall() method without the security-critical filter='data' parameter. Although Keras attempts to filter unsafe paths using filter_safe_paths(), this filtering occurs before extraction, and a PATH_MAX symlink resolution bug triggers during extraction. This bug causes symlink resolution to fail due to path length limits, resulting in a security bypass that allows files to be written outside the intended extraction directory.
7.6 (High)
Vendor Fix
For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.redhat.com/en/documentation/red_hat_openshift_ai/
https://access.redhat.com/errata/RHSA-2026:5807
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.
8.7 (High)
Vendor Fix
For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.redhat.com/en/documentation/red_hat_openshift_ai/
https://access.redhat.com/errata/RHSA-2026:5807
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Vendor Fix
For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.redhat.com/en/documentation/red_hat_openshift_ai/
https://access.redhat.com/errata/RHSA-2026:5807
Workaround
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
7.5 (High)
Vendor Fix
For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.redhat.com/en/documentation/red_hat_openshift_ai/
https://access.redhat.com/errata/RHSA-2026:5807
An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.
5.3 (Medium)
Vendor Fix
For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.redhat.com/en/documentation/red_hat_openshift_ai/
https://access.redhat.com/errata/RHSA-2026:5807
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.
7.5 (High)
Vendor Fix
For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.redhat.com/en/documentation/red_hat_openshift_ai/
https://access.redhat.com/errata/RHSA-2026:5807
A path traversal and arbitrary file overwrite vulnerability has been identified in Argo Workflows during the extraction of archived artifacts, where symbolic links inside a crafted archive are not safely validated before file extraction. An attacker could exploit this flaw by submitting a malicious archive containing symbolic links that point outside the intended extraction directory, causing files to be written or overwritten in unintended locations within the workflow pod. Successful exploitation may allow an attacker to overwrite execution control files and achieve arbitrary command execution during pod startup.
8.3 (High)
Vendor Fix
For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.redhat.com/en/documentation/red_hat_openshift_ai/
https://access.redhat.com/errata/RHSA-2026:5807
Workaround
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service (DoS) via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic and application crash.
7.5 (High)
Vendor Fix
For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.redhat.com/en/documentation/red_hat_openshift_ai/
https://access.redhat.com/errata/RHSA-2026:5807
Workaround
To mitigate this issue, applications using the `Expr` library should ensure that evaluation environments do not contain cyclic references. Additionally, externally supplied data structures must be validated or sanitized before being passed to `Expr` for evaluation. As a last-resort defensive measure, expression evaluation can be wrapped with panic recovery to prevent a full process crash.
A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.
7.5 (High)
Vendor Fix
For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.redhat.com/en/documentation/red_hat_openshift_ai/
https://access.redhat.com/errata/RHSA-2026:5807
Workaround
To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters.
A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a "decompression bomb," during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.
7.5 (High)
Vendor Fix
For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.redhat.com/en/documentation/red_hat_openshift_ai/
https://access.redhat.com/errata/RHSA-2026:5807
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.
7.5 (High)
Vendor Fix
For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.redhat.com/en/documentation/red_hat_openshift_ai/
https://access.redhat.com/errata/RHSA-2026:5807
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.
7.5 (High)
Vendor Fix
For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.redhat.com/en/documentation/red_hat_openshift_ai/
https://access.redhat.com/errata/RHSA-2026:5807
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in Fastify, a web framework for Node.js. A remote attacker can exploit a validation bypass vulnerability by appending a tab character followed by arbitrary content to the Content-Type header. This circumvents the request body validation schemas, allowing the server to process the body as the original content type without proper validation. This could lead to unexpected data processing and potential integrity impact.
7.5 (High)
Vendor Fix
For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.redhat.com/en/documentation/red_hat_openshift_ai/
https://access.redhat.com/errata/RHSA-2026:5807
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
7.5 (High)
Vendor Fix
For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.redhat.com/en/documentation/red_hat_openshift_ai/
https://access.redhat.com/errata/RHSA-2026:5807
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application's failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.
7.5 (High)
Vendor Fix
For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.redhat.com/en/documentation/red_hat_openshift_ai/
https://access.redhat.com/errata/RHSA-2026:5807
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A denial of service flaw has been discovered in the flatted npm library. flatted's parse() function uses a recursive revive() phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow that crashes the Node.js process.
7.5 (High)
Vendor Fix
For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.redhat.com/en/documentation/red_hat_openshift_ai/
https://access.redhat.com/errata/RHSA-2026:5807
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat OpenShift AI.",
"title": "Topic"
},
{
"category": "general",
"text": "Release of RHOAI 2.16.4 provides these changes:",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5807",
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-25621",
"url": "https://access.redhat.com/security/cve/CVE-2024-25621"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12060",
"url": "https://access.redhat.com/security/cve/CVE-2025-12060"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12638",
"url": "https://access.redhat.com/security/cve/CVE-2025-12638"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6193",
"url": "https://access.redhat.com/security/cve/CVE-2025-6193"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66626",
"url": "https://access.redhat.com/security/cve/CVE-2025-66626"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68156",
"url": "https://access.redhat.com/security/cve/CVE-2025-68156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69873",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1526",
"url": "https://access.redhat.com/security/cve/CVE-2026-1526"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1528",
"url": "https://access.redhat.com/security/cve/CVE-2026-1528"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2229",
"url": "https://access.redhat.com/security/cve/CVE-2026-2229"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25223",
"url": "https://access.redhat.com/security/cve/CVE-2026-25223"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29074",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32141",
"url": "https://access.redhat.com/security/cve/CVE-2026-32141"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"url": "https://docs.redhat.com/en/documentation/red_hat_openshift_ai/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5807.json"
}
],
"title": "Red Hat Security Advisory: RHOAI 2.16.4 - Red Hat OpenShift AI",
"tracking": {
"current_release_date": "2026-04-02T08:27:07+00:00",
"generator": {
"date": "2026-04-02T08:27:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.4"
}
},
"id": "RHSA-2026:5807",
"initial_release_date": "2026-03-25T12:32:51+00:00",
"revision_history": [
{
"date": "2026-03-25T12:32:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-25T12:33:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-02T08:27:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift AI 2.16",
"product": {
"name": "Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_ai:2.16::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift AI"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"product_id": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-codeflare-operator-rhel8@sha256%3Ab68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282100"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"product_id": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-dashboard-rhel8@sha256%3A022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282136"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-data-science-pipelines-argo-argoexec-rhel8@sha256%3Afd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282136"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256%3A4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774288148"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-data-science-pipelines-operator-controller-rhel8@sha256%3A64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282078"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"product_id": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-kf-notebook-controller-rhel8@sha256%3Ab26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282201"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"product_id": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-kuberay-operator-controller-rhel8@sha256%3A9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282134"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"product_id": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-kueue-controller-rhel8@sha256%3Af38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282087"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-api-server-v2-rhel8@sha256%3Ac46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282268"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-driver-rhel8@sha256%3A0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282328"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-launcher-rhel8@sha256%3Ab82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282116"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256%3A9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282159"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256%3A87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282202"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"product_id": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-mlmd-grpc-server-rhel8@sha256%3A07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774283932"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"product_id": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-mm-rest-proxy-rhel8@sha256%3Aace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282095"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"product_id": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-controller-rhel8@sha256%3Aa880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774286327"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"product_id": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-registry-operator-rhel8@sha256%3A8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282093"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"product_id": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-registry-rhel8@sha256%3A14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282092"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"product_id": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-modelmesh-runtime-adapter-rhel8@sha256%3Aa291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774283191"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"product_id": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-modelmesh-serving-controller-rhel8@sha256%3Aae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282244"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"product_id": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-modelmesh-rhel8@sha256%3Aabdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282058"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"product_id": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-notebook-controller-rhel8@sha256%3Aaa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282170"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"product_id": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-operator-bundle@sha256%3A9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774296584"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"product_id": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-rhel8-operator@sha256%3A2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774293140"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"product_id": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-training-operator-rhel8@sha256%3A6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282093"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"product_id": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-trustyai-service-operator-rhel8@sha256%3A297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774285579"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64",
"product_id": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-trustyai-service-rhel8@sha256%3A92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282073"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-25621",
"cwe": {
"id": "CWE-279",
"name": "Incorrect Execution-Assigned Permissions"
},
"discovery_date": "2025-11-06T19:01:04.402278+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2413190"
}
],
"notes": [
{
"category": "description",
"text": "A local privilege escalation vulnerability has been discovered in containerd. This vulnerability is the result of an overly broad default permission which allows local users on the host to potentially access the metadata store, the content store and the contents of Kubernetes local volumes. The contents of volumes might include setuid binaries, which could allow a local user on the host to elevate privileges on the host.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/containerd/containerd: containerd local privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-25621"
},
{
"category": "external",
"summary": "RHBZ#2413190",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413190"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-25621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25621"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-25621",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25621"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/blob/main/docs/rootless.md",
"url": "https://github.com/containerd/containerd/blob/main/docs/rootless.md"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5",
"url": "https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w"
}
],
"release_date": "2025-11-06T18:36:21.566000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "The system administrator on the host can manually chmod the directories to not\nhave group or world accessible permissions:\n```\nchmod 700 /var/lib/containerd\nchmod 700 /run/containerd/io.containerd.grpc.v1.cri\nchmod 700 /run/containerd/io.containerd.sandbox.controller.v1.shim\n```\nAn alternative mitigation would be to run containerd in rootless mode.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/containerd/containerd: containerd local privilege escalation"
},
{
"cve": "CVE-2025-6193",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2025-06-20T14:05:07.010000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374032"
}
],
"notes": [
{
"category": "description",
"text": "A command injection vulnerability was discovered in the TrustyAI Explainability toolkit. Arbitrary commands placed in certain fields of a LMEValJob custom resource (CR) may be executed in the LMEvalJob pod\u0027s terminal. This issue can be exploited via a maliciously crafted LMEvalJob by a user with permissions to deploy a CR.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "trustyai-explainability: command injection via LMEvalJob CR",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6193"
},
{
"category": "external",
"summary": "RHBZ#2374032",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374032"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6193"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6193",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6193"
},
{
"category": "external",
"summary": "https://github.com/trustyai-explainability/trustyai-service-operator/pull/504",
"url": "https://github.com/trustyai-explainability/trustyai-service-operator/pull/504"
}
],
"release_date": "2025-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "trustyai-explainability: command injection via LMEvalJob CR"
},
{
"cve": "CVE-2025-12060",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-10-30T18:01:32.193676+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407443"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in the keras Python library. when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python\u0027s tarfile.extractall function without the filter=\"data\" feature. A remote attacker can craft a malicious tar archive containing special symlinks, which, when extracted, allows them to write arbitrary files to any location on the filesystem outside of the intended destination folder.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keras: Keras Path Traversal Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12060"
},
{
"category": "external",
"summary": "RHBZ#2407443",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407443"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12060"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12060",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12060"
},
{
"category": "external",
"summary": "https://github.com/keras-team/keras/pull/21760",
"url": "https://github.com/keras-team/keras/pull/21760"
},
{
"category": "external",
"summary": "https://github.com/keras-team/keras/security/advisories/GHSA-hjqc-jx6g-rwp9",
"url": "https://github.com/keras-team/keras/security/advisories/GHSA-hjqc-jx6g-rwp9"
}
],
"release_date": "2025-10-30T17:10:43.868000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keras: Keras Path Traversal Vulnerability"
},
{
"cve": "CVE-2025-12638",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-11-28T15:01:10.693633+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417711"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in Keras. The vulnerability arises because the function uses Python\u0027s tarfile.extractall() method without the security-critical filter=\u0027data\u0027 parameter. Although Keras attempts to filter unsafe paths using filter_safe_paths(), this filtering occurs before extraction, and a PATH_MAX symlink resolution bug triggers during extraction. This bug causes symlink resolution to fail due to path length limits, resulting in a security bypass that allows files to be written outside the intended extraction directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keras: Path Traversal Vulnerability in keras",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12638"
},
{
"category": "external",
"summary": "RHBZ#2417711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12638"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12638",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12638"
},
{
"category": "external",
"summary": "https://github.com/keras-team/keras/commit/47fcb397ee4caffd5a75efd1fa3067559594e951",
"url": "https://github.com/keras-team/keras/commit/47fcb397ee4caffd5a75efd1fa3067559594e951"
},
{
"category": "external",
"summary": "https://huntr.com/bounties/f94f5beb-54d8-4e6a-8bac-86d9aee103f4",
"url": "https://huntr.com/bounties/f94f5beb-54d8-4e6a-8bac-86d9aee103f4"
}
],
"release_date": "2025-11-28T14:06:02.069000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keras: Path Traversal Vulnerability in keras"
},
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
},
{
"cve": "CVE-2025-66626",
"cwe": {
"id": "CWE-73",
"name": "External Control of File Name or Path"
},
"discovery_date": "2025-12-09T21:01:10.560389+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2420818"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal and arbitrary file overwrite vulnerability has been identified in Argo Workflows during the extraction of archived artifacts, where symbolic links inside a crafted archive are not safely validated before file extraction. An attacker could exploit this flaw by submitting a malicious archive containing symbolic links that point outside the intended extraction directory, causing files to be written or overwritten in unintended locations within the workflow pod. Successful exploitation may allow an attacker to overwrite execution control files and achieve arbitrary command execution during pod startup.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/argoproj/argo-workflows: argoproj/argo-workflows is vulnerable to RCE via ZipSlip and symbolic links",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this issue as High severity (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H, 8.3) because an attacker with basic workflow submission privileges can supply a specially crafted archive that is automatically extracted without proper validation. The attack complexity is low and does not require user interaction once the malicious workflow is submitted. Successful exploitation allows arbitrary file overwrite within the affected pod, including critical execution files, which can result in code execution at pod startup. While the impact is generally limited to the compromised pod and does not directly lead to host-level compromise, the integrity and availability impacts within the container are significant, justifying a High severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66626"
},
{
"category": "external",
"summary": "RHBZ#2420818",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420818"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66626",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66626"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66626",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66626"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-p84v-gxvw-73pf",
"url": "https://github.com/advisories/GHSA-p84v-gxvw-73pf"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-workflows/blob/5291e0b01f94ba864f96f795bb500f2cfc5ad799/workflow/executor/executor.go#L1034-L1037",
"url": "https://github.com/argoproj/argo-workflows/blob/5291e0b01f94ba864f96f795bb500f2cfc5ad799/workflow/executor/executor.go#L1034-L1037"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-workflows/commit/6b92af23f35aed4d4de8b04adcaf19d68f006de1",
"url": "https://github.com/argoproj/argo-workflows/commit/6b92af23f35aed4d4de8b04adcaf19d68f006de1"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-xrqc-7xgx-c9vh",
"url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-xrqc-7xgx-c9vh"
}
],
"release_date": "2025-12-09T20:19:14.680000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/argoproj/argo-workflows: argoproj/argo-workflows is vulnerable to RCE via ZipSlip and symbolic links"
},
{
"cve": "CVE-2025-68156",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-16T19:01:42.049157+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2422891"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service (DoS) via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic and application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products utilizing the `Expr` Go library because it can lead to a denial-of-service. Exploitation requires an application to evaluate expressions against untrusted or insufficiently validated data structures containing deeply nested or cyclic references, which can cause a stack overflow and application crash. Products that do not process untrusted input with `Expr` are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68156"
},
{
"category": "external",
"summary": "RHBZ#2422891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422891"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68156"
},
{
"category": "external",
"summary": "https://github.com/expr-lang/expr/pull/870",
"url": "https://github.com/expr-lang/expr/pull/870"
},
{
"category": "external",
"summary": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6",
"url": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6"
}
],
"release_date": "2025-12-16T18:24:11.648000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications using the `Expr` library should ensure that evaluation environments do not contain cyclic references. Additionally, externally supplied data structures must be validated or sanitized before being passed to `Expr` for evaluation. As a last-resort defensive measure, expression evaluation can be wrapped with panic recovery to prevent a full process crash.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation"
},
{
"cve": "CVE-2025-69873",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-11T19:01:32.953264+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ajv: ReDoS via $data reference",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, the $data option must be enabled and the attacker needs to be able to send a payload with a specially crafted regular expression to the application processing the input. A 31-character payload causes approximately 44 seconds of execution, with each additional character doubling the execution time. Therefore, even a small payload can cause an application to become unresponsive and eventually result in a denial of service. Due to this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "RHBZ#2439070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md",
"url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md"
}
],
"release_date": "2026-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ajv: ReDoS via $data reference"
},
{
"cve": "CVE-2026-1526",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-12T21:01:25.538271+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447142"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a \"decompression bomb,\" during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1526"
},
{
"category": "external",
"summary": "RHBZ#2447142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447142"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc7692",
"url": "https://datatracker.ietf.org/doc/html/rfc7692"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3481206",
"url": "https://hackerone.com/reports/3481206"
}
],
"release_date": "2026-03-12T20:08:05.950000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression"
},
{
"cve": "CVE-2026-1528",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-03-12T21:01:36.954017+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447145"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici\u0027s ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service via crafted WebSocket frame with large length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1528"
},
{
"category": "external",
"summary": "RHBZ#2447145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447145"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1528",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1528"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3537648",
"url": "https://hackerone.com/reports/3537648"
}
],
"release_date": "2026-03-12T20:21:57.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service via crafted WebSocket frame with large length"
},
{
"cve": "CVE-2026-2229",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-03-12T21:01:29.187989+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447143"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client\u0027s Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2229"
},
{
"category": "external",
"summary": "RHBZ#2447143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447143"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2229"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc7692",
"url": "https://datatracker.ietf.org/doc/html/rfc7692"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3487486",
"url": "https://hackerone.com/reports/3487486"
},
{
"category": "external",
"summary": "https://nodejs.org/api/zlib.html#class-zlibinflateraw",
"url": "https://nodejs.org/api/zlib.html#class-zlibinflateraw"
}
],
"release_date": "2026-03-12T20:27:05.600000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter"
},
{
"cve": "CVE-2026-25223",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2026-02-03T22:01:19.884891+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436560"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fastify, a web framework for Node.js. A remote attacker can exploit a validation bypass vulnerability by appending a tab character followed by arbitrary content to the Content-Type header. This circumvents the request body validation schemas, allowing the server to process the body as the original content type without proper validation. This could lead to unexpected data processing and potential integrity impact.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Fastify: Fastify: Validation bypass due to malformed Content-Type header leading to integrity impact",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT vulnerability in Fastify, a Node.js web framework, allows remote attackers to bypass request body validation by manipulating the Content-Type header. This can lead to unexpected data processing and integrity issues in applications. Red Hat products such as Red Hat Enterprise Linux AI, Red Hat OpenShift AI, and Red Hat OpenShift Dev Spaces are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25223"
},
{
"category": "external",
"summary": "RHBZ#2436560",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436560"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25223",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25223"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25223",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25223"
},
{
"category": "external",
"summary": "https://fastify.dev/docs/latest/Reference/Validation-and-Serialization",
"url": "https://fastify.dev/docs/latest/Reference/Validation-and-Serialization"
},
{
"category": "external",
"summary": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/content-type-parser.js#L125",
"url": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/content-type-parser.js#L125"
},
{
"category": "external",
"summary": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/validation.js#L272",
"url": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/validation.js#L272"
},
{
"category": "external",
"summary": "https://github.com/fastify/fastify/commit/32d7b6add39ddf082d92579a58bea7018c5ac821",
"url": "https://github.com/fastify/fastify/commit/32d7b6add39ddf082d92579a58bea7018c5ac821"
},
{
"category": "external",
"summary": "https://github.com/fastify/fastify/security/advisories/GHSA-jx2c-rxcm-jvmq",
"url": "https://github.com/fastify/fastify/security/advisories/GHSA-jx2c-rxcm-jvmq"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3464114",
"url": "https://hackerone.com/reports/3464114"
}
],
"release_date": "2026-02-03T21:21:40.268000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Fastify: Fastify: Validation bypass due to malformed Content-Type header leading to integrity impact"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
},
{
"cve": "CVE-2026-29074",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-03-06T08:01:07.142613+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445132"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application\u0027s failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "svgo: SVGO: Denial of Service via XML entity expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "RHBZ#2445132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445132"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673",
"url": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673"
}
],
"release_date": "2026-03-06T07:23:05.716000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "svgo: SVGO: Denial of Service via XML entity expansion"
},
{
"cve": "CVE-2026-32141",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-12T19:01:30.987208+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447083"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the flatted npm library. flatted\u0027s parse() function uses a recursive revive() phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow that crashes the Node.js process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flatted: flatted: Unbounded recursion DoS in parse() revive phase",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32141"
},
{
"category": "external",
"summary": "RHBZ#2447083",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447083"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32141",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32141"
},
{
"category": "external",
"summary": "https://github.com/WebReflection/flatted/commit/7eb65d857e1a40de11c47461cdbc8541449f0606",
"url": "https://github.com/WebReflection/flatted/commit/7eb65d857e1a40de11c47461cdbc8541449f0606"
},
{
"category": "external",
"summary": "https://github.com/WebReflection/flatted/pull/88",
"url": "https://github.com/WebReflection/flatted/pull/88"
},
{
"category": "external",
"summary": "https://github.com/WebReflection/flatted/security/advisories/GHSA-25h7-pfq9-p65f",
"url": "https://github.com/WebReflection/flatted/security/advisories/GHSA-25h7-pfq9-p65f"
}
],
"release_date": "2026-03-12T18:08:09.634000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "flatted: flatted: Unbounded recursion DoS in parse() revive phase"
}
]
}
RHSA-2026:6192
Vulnerability from csaf_redhat - Published: 2026-03-30 15:41 - Updated: 2026-04-02 08:27Summary
Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.27.0 Release.
Severity
Important
Notes
Topic: Red Hat OpenShift Dev Spaces 3.27.0 has been released.
Details: Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.
The 3.27 release is based on Eclipse Che 7.115 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.
Users still using the v1 standard should migrate as soon as possible.
https://devfile.io/docs/2.2.0/migrating-to-devfile-v2
Dev Spaces supports OpenShift EUS releases v4.16 and higher. Users are expected to update to supported OpenShift releases in order to continue to get Dev Spaces updates.
https://access.redhat.com/support/policy/updates/openshift#crw
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.
8.2 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:6192
Workaround
To mitigate this issue, implement strict input validation before passing any property paths to the _.unset and _.omit functions to block attempts to access the prototype chain. Ensure that strings like __proto__, constructor and prototype are blocked, for example.
A flaw was found in Traefik's plugin installation mechanism. This vulnerability allows remote code execution, privilege escalation, persistence, or application-level denial of service via a crafted ZIP archive exploiting a path traversal vector.
6.4 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:6192
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:6192
Workaround
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:6192
Workaround
To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:6192
A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:6192
Workaround
To mitigate this issue, avoid using the `glob` command-line interface with the `-c` or `--cmd` option when processing filenames from untrusted sources. If programmatic use of `glob` is necessary, ensure that filenames are thoroughly sanitized before being passed to commands executed with shell interpretation enabled.
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
7.4 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:6192
A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:6192
Workaround
To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters.
A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response.
5.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:6192
Workaround
To mitigate this vulnerability, consider disabling the static handler cache by configuring the StaticHandler instance with setCachingEnabled(false), for example:
~~~
StaticHandler staticHandler = StaticHandler.create().setCachingEnabled(false);
~~~
A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This vulnerability exists in the ACME TLS-ALPN fast path, where unauthenticated clients can exploit it. By initiating numerous connections and sending a minimal ClientHello with "acme-tls/1" before ceasing communication, a malicious client can indefinitely tie up system resources such as "go routines" (lightweight threads) and file descriptors. This leads to a Denial of Service (DoS) of the entry point, making the service unavailable to legitimate users.
5.9 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:6192
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw was found in the node-tar library. This vulnerability allows an attacker to craft malicious archives that, when extracted, can bypass intended security restrictions. This leads to arbitrary file overwrite and symlink poisoning, potentially allowing unauthorized modification of files on the system.
8.2 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:6192
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw was found in node-tar, a library for Node.js. This race condition vulnerability occurs due to incomplete handling of Unicode path collisions within the `path-reservations` system on case-insensitive filesystems, such as macOS APFS. A remote attacker can exploit this by providing a specially crafted tar archive containing filenames that cause these collisions, bypassing internal concurrency safeguards. Successful exploitation can lead to arbitrary file overwrite.
8.8 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:6192
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.
7.1 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:6192
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in node-tar, a Node.js module for handling TAR archives. This vulnerability allows a remote attacker to bypass path traversal protections by crafting a malicious TAR archive. The security check for hardlink entries uses different path resolution logic than the actual hardlink creation, enabling the attacker to create hardlinks to arbitrary files outside the intended extraction directory. This could lead to unauthorized information disclosure or further system compromise.
8.2 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:6192
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw was found in Fastify, a web framework for Node.js. A remote attacker can exploit a validation bypass vulnerability by appending a tab character followed by arbitrary content to the Content-Type header. This circumvents the request body validation schemas, allowing the server to process the body as the original content type without proper validation. This could lead to unexpected data processing and potential integrity impact.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:6192
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:6192
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in Traefik, an HTTP reverse proxy and load balancer. An unauthenticated client can exploit this vulnerability by sending a specific 8-byte Postgres SSLRequest (STARTTLS) prelude and then intentionally delaying further communication. This action bypasses Traefik's configured read timeouts, causing connections to remain open indefinitely. The primary consequence is a Denial of Service, as the server's resources become exhausted by these persistent, non-responsive connections.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:6192
A flaw was found in node-tar. An attacker can craft a malicious archive that, when extracted with default options, creates a hardlink outside the intended extraction directory. This vulnerability allows the attacker to perform arbitrary file read and write operations as the user extracting the archive, bypassing existing path protections. This can lead to unauthorized access and modification of sensitive system files.
7.1 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:6192
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:6192
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Dev Spaces 3.27.0 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.\nThe 3.27 release is based on Eclipse Che 7.115 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.\nUsers still using the v1 standard should migrate as soon as possible.\nhttps://devfile.io/docs/2.2.0/migrating-to-devfile-v2\nDev Spaces supports OpenShift EUS releases v4.16 and higher. Users are expected to update to supported OpenShift releases in order to continue to get Dev Spaces updates.\nhttps://access.redhat.com/support/policy/updates/openshift#crw",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:6192",
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.27/html/administration_guide/installing-devspaces",
"url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.27/html/administration_guide/installing-devspaces"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-13465",
"url": "https://access.redhat.com/security/cve/CVE-2025-13465"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-54386",
"url": "https://access.redhat.com/security/cve/CVE-2025-54386"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64756",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69873",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1002",
"url": "https://access.redhat.com/security/cve/CVE-2026-1002"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22045",
"url": "https://access.redhat.com/security/cve/CVE-2026-22045"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-23745",
"url": "https://access.redhat.com/security/cve/CVE-2026-23745"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-23950",
"url": "https://access.redhat.com/security/cve/CVE-2026-23950"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24049",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24842",
"url": "https://access.redhat.com/security/cve/CVE-2026-24842"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25223",
"url": "https://access.redhat.com/security/cve/CVE-2026-25223"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25949",
"url": "https://access.redhat.com/security/cve/CVE-2026-25949"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26960",
"url": "https://access.redhat.com/security/cve/CVE-2026-26960"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26996",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6192.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.27.0 Release.",
"tracking": {
"current_release_date": "2026-04-02T08:27:09+00:00",
"generator": {
"date": "2026-04-02T08:27:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.4"
}
},
"id": "RHSA-2026:6192",
"initial_release_date": "2026-03-30T15:41:48+00:00",
"revision_history": [
{
"date": "2026-03-30T15:41:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-30T15:41:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-02T08:27:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Dev Spaces 3.27",
"product": {
"name": "Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_devspaces:3.27::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Dev Spaces"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3Adf538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774070844"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3A1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774448966"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3Ad0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774422248"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3A87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774155063"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3A2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774476526"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774587761"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774414236"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"product": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"product_id": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-redirector-rhel9@sha256%3Ab260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775028"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3A4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775064"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3A5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774607447"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3Ade4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775544"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774228740"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3A12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774227265"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3A58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774451954"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3A113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774143680"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3A3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774070844"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3A650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774448966"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3Aca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774422248"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3Ad160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774155063"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3Aff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774476526"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774587761"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774414236"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"product_id": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-redirector-rhel9@sha256%3A70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775028"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3Ab47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775064"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3Ab98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774607447"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3Addbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775544"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774228740"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3Ae9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774227265"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3Af6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774451954"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3Adb2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774143680"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3A5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774070844"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3Acad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774448966"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3A6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774422248"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3Aacaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774155063"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3A272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774476526"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774587761"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774414236"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"product": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"product_id": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-redirector-rhel9@sha256%3Ac82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775028"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3Aaae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775064"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3Ab317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774607447"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3A31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775544"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3Ac51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774228740"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3Ab5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774227265"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3A8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774451954"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3A84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774143680"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3A1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774448966"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3Aed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774422248"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3A81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774155063"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3Ae139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774476526"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774587761"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3Aed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774414236"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"product": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"product_id": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-redirector-rhel9@sha256%3Aef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775028"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3A49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775064"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3A6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774607447"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"product_id": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256%3Ad25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774609756"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3Ab6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775544"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774228740"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3A3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774227265"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3Acef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774451954"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3Ae5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774143680"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3Ae095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774070844"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x"
},
"product_reference": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64"
},
"product_reference": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64"
},
"product_reference": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-13465",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2026-01-21T20:01:28.774829+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431740"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lodash: prototype pollution in _.unset and _.omit functions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is only exploitable by applications using the _.unset and _.omit functions on an object and allowing user input to determine the path of the property to be removed. This issue only allows the deletion of properties but does not allow overwriting their behavior, limiting the impact to a denial of service. Due to this reason, this vulnerability has been rated with an important severity.\n\nIn Grafana, JavaScript code runs only in the browser, while the server side is all Golang. Therefore, the worst-case scenario is a loss of functionality in the client application inside the browser. To reflect this, the CVSS availability metric and the severity of the Grafana and the Grafana-PCP component have been updated to low and moderate, respectively.\n\nThe lodash dependency is bundled and used by the pcs-web-ui component of the PCS package. In Red Hat Enterprise Linux 8.10, the pcs-web-ui component is no longer included in the PCS package. As a result, RHEL 8.10 does not ship the vulnerable lodash component within PCS and is therefore not-affected by this CVE.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13465"
},
{
"category": "external",
"summary": "RHBZ#2431740",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431740"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465"
},
{
"category": "external",
"summary": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg",
"url": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"
}
],
"release_date": "2026-01-21T19:05:28.846000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement strict input validation before passing any property paths to the _.unset and _.omit functions to block attempts to access the prototype chain. Ensure that strings like __proto__, constructor and prototype are blocked, for example.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "lodash: prototype pollution in _.unset and _.omit functions"
},
{
"cve": "CVE-2025-54386",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-08-02T00:00:54.513784+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2386070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Traefik\u0027s plugin installation mechanism. This vulnerability allows remote code execution, privilege escalation, persistence, or application-level denial of service via a crafted ZIP archive exploiting a path traversal vector.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "traefik: Traefik\u0027s Client Plugin is Vulnerable to Path Traversal, Arbitrary File Overwrites and Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-54386"
},
{
"category": "external",
"summary": "RHBZ#2386070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2386070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-54386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54386"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-54386",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54386"
},
{
"category": "external",
"summary": "https://github.com/traefik/plugin-service/pull/71",
"url": "https://github.com/traefik/plugin-service/pull/71"
},
{
"category": "external",
"summary": "https://github.com/traefik/plugin-service/pull/72",
"url": "https://github.com/traefik/plugin-service/pull/72"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/commit/5ef853a0c53068f69a6c229a5815a0dc6e0a8800",
"url": "https://github.com/traefik/traefik/commit/5ef853a0c53068f69a6c229a5815a0dc6e0a8800"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/pull/11911",
"url": "https://github.com/traefik/traefik/pull/11911"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v2.11.28",
"url": "https://github.com/traefik/traefik/releases/tag/v2.11.28"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/security/advisories/GHSA-q6gg-9f92-r9wg",
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-q6gg-9f92-r9wg"
}
],
"release_date": "2025-08-01T23:32:21.747000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "traefik: Traefik\u0027s Client Plugin is Vulnerable to Path Traversal, Arbitrary File Overwrites and Remote Code Execution"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-64756",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2025-11-17T18:01:28.077927+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2415451"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glob: glob: Command Injection Vulnerability via Malicious Filenames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in glob allows arbitrary command execution when the `glob` command-line interface is used with the `-c/--cmd` option to process files with malicious names. The vulnerability is triggered by shell metacharacters in filenames, leading to command injection. The glob CLI tool utilizes the -c option to execute shell commands over the files which matched the searched pattern by using the shell:true parameter when creating the subprocess which will further execute the command informed via \u0027-c\u0027 option, this parameter allows the shell meta characters to be used and processed when executing the command. Given that information glob misses to sanitize the file name to eliminate such characters and expressions from the filename, leading to code execution as when performing the shell expansion such characters will be interpreted as shell commands.\n\nTo exploit this vulnerability the targeted system should run the glob CLI over a file with a maliciously crafted filename, additionally the attacker needs to have enough permission to create such file or trick the user to download and process the required file with the glob CLI.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "RHBZ#2415451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146",
"url": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2",
"url": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2"
}
],
"release_date": "2025-11-17T17:29:08.029000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using the `glob` command-line interface with the `-c` or `--cmd` option when processing filenames from untrusted sources. If programmatic use of `glob` is necessary, ensure that filenames are thoroughly sanitized before being passed to commands executed with shell interpretation enabled.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "glob: glob: Command Injection Vulnerability via Malicious Filenames"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: Unexpected session resumption in crypto/tls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: Unexpected session resumption in crypto/tls"
},
{
"cve": "CVE-2025-69873",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-11T19:01:32.953264+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ajv: ReDoS via $data reference",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, the $data option must be enabled and the attacker needs to be able to send a payload with a specially crafted regular expression to the application processing the input. A 31-character payload causes approximately 44 seconds of execution, with each additional character doubling the execution time. Therefore, even a small payload can cause an application to become unresponsive and eventually result in a denial of service. Due to this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "RHBZ#2439070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md",
"url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md"
}
],
"release_date": "2026-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ajv: ReDoS via $data reference"
},
{
"cve": "CVE-2026-1002",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-01-15T21:03:20.088599+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430180"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability allows a remote attacker to block access to specific static files, such as images, CSS or HTML files. However, the underlying Vert.x server, the API endpoints and other non-cached resources are not affected. Due to this reason, this issue has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1002"
},
{
"category": "external",
"summary": "RHBZ#2430180",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430180"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1002",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1002"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1002",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1002"
},
{
"category": "external",
"summary": "https://github.com/eclipse-vertx/vert.x/pull/5895",
"url": "https://github.com/eclipse-vertx/vert.x/pull/5895"
}
],
"release_date": "2026-01-15T20:50:25.642000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, consider disabling the static handler cache by configuring the StaticHandler instance with setCachingEnabled(false), for example:\n\n~~~\nStaticHandler staticHandler = StaticHandler.create().setCachingEnabled(false);\n~~~",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files"
},
{
"cve": "CVE-2026-22045",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-15T23:01:12.589198+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430198"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This vulnerability exists in the ACME TLS-ALPN fast path, where unauthenticated clients can exploit it. By initiating numerous connections and sending a minimal ClientHello with \"acme-tls/1\" before ceasing communication, a malicious client can indefinitely tie up system resources such as \"go routines\" (lightweight threads) and file descriptors. This leads to a Denial of Service (DoS) of the entry point, making the service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "traefik: Traefik: Denial of Service via ACME TLS-ALPN fast path resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. In the Red Hat context, this flaw affects Traefik as deployed in Red Hat OpenShift Dev Spaces. An unauthenticated attacker can exploit the ACME TLS-ALPN fast path to exhaust system resources, leading to a denial of service of the entry point.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22045"
},
{
"category": "external",
"summary": "RHBZ#2430198",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430198"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22045"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22045",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22045"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/commit/e9f3089e9045812bcf1b410a9d40568917b26c3d",
"url": "https://github.com/traefik/traefik/commit/e9f3089e9045812bcf1b410a9d40568917b26c3d"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v2.11.35",
"url": "https://github.com/traefik/traefik/releases/tag/v2.11.35"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v3.6.7",
"url": "https://github.com/traefik/traefik/releases/tag/v3.6.7"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/security/advisories/GHSA-cwjm-3f7h-9hwq",
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-cwjm-3f7h-9hwq"
}
],
"release_date": "2026-01-15T22:44:05.423000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "traefik: Traefik: Denial of Service via ACME TLS-ALPN fast path resource exhaustion"
},
{
"cve": "CVE-2026-23745",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-16T23:01:26.508727+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430538"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the node-tar library. This vulnerability allows an attacker to craft malicious archives that, when extracted, can bypass intended security restrictions. This leads to arbitrary file overwrite and symlink poisoning, potentially allowing unauthorized modification of files on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the node-tar library. The flaw allows an attacker to perform arbitrary file overwrite and symlink poisoning by crafting malicious tar archives. This occurs due to insufficient path sanitization of hardlink and symbolic link entries, even when the default secure behavior (preservePaths is false) is enabled.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-23745"
},
{
"category": "external",
"summary": "RHBZ#2430538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430538"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-23745",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23745"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e",
"url": "https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-8qq5-rm4j-mr97",
"url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-8qq5-rm4j-mr97"
}
],
"release_date": "2026-01-16T22:00:08.769000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives"
},
{
"cve": "CVE-2026-23950",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-01-20T02:00:55.870044+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431036"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-tar, a library for Node.js. This race condition vulnerability occurs due to incomplete handling of Unicode path collisions within the `path-reservations` system on case-insensitive filesystems, such as macOS APFS. A remote attacker can exploit this by providing a specially crafted tar archive containing filenames that cause these collisions, bypassing internal concurrency safeguards. Successful exploitation can lead to arbitrary file overwrite.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The `node-tar` library is susceptible to a race condition due to incomplete handling of Unicode path collisions, which can lead to arbitrary file overwrites via symlink poisoning. However, this issue primarily affects case-insensitive or normalization-insensitive filesystems. Red Hat Enterprise Linux and other Red Hat products typically utilize case-sensitive filesystems, which may limit the direct impact of this flaw in default configurations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-23950"
},
{
"category": "external",
"summary": "RHBZ#2431036",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431036"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-23950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-23950",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23950"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/3b1abfae650056edfabcbe0a0df5954d390521e6",
"url": "https://github.com/isaacs/node-tar/commit/3b1abfae650056edfabcbe0a0df5954d390521e6"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-r6q2-hw4h-h46w",
"url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-r6q2-hw4h-h46w"
}
],
"release_date": "2026-01-20T00:40:48.510000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition"
},
{
"cve": "CVE-2026-24049",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-22T05:00:54.709179+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431959"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "RHBZ#2431959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef",
"url": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/releases/tag/0.46.2",
"url": "https://github.com/pypa/wheel/releases/tag/0.46.2"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx",
"url": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx"
}
],
"release_date": "2026-01-22T04:02:08.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking"
},
{
"cve": "CVE-2026-24842",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2026-01-28T01:01:16.886629+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2433645"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-tar, a Node.js module for handling TAR archives. This vulnerability allows a remote attacker to bypass path traversal protections by crafting a malicious TAR archive. The security check for hardlink entries uses different path resolution logic than the actual hardlink creation, enabling the attacker to create hardlinks to arbitrary files outside the intended extraction directory. This could lead to unauthorized information disclosure or further system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an IMPORTANT vulnerability in node-tar, a Node.js module for handling TAR archives. The flaw allows an attacker to bypass path traversal protections by crafting a malicious TAR archive. This could lead to the creation of hardlinks to arbitrary files outside the intended extraction directory, potentially resulting in unauthorized information disclosure or further system compromise in affected Red Hat products utilizing node-tar for archive processing.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24842"
},
{
"category": "external",
"summary": "RHBZ#2433645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433645"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24842",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24842"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46",
"url": "https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v",
"url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v"
}
],
"release_date": "2026-01-28T00:20:13.261000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check"
},
{
"cve": "CVE-2026-25223",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2026-02-03T22:01:19.884891+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436560"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fastify, a web framework for Node.js. A remote attacker can exploit a validation bypass vulnerability by appending a tab character followed by arbitrary content to the Content-Type header. This circumvents the request body validation schemas, allowing the server to process the body as the original content type without proper validation. This could lead to unexpected data processing and potential integrity impact.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Fastify: Fastify: Validation bypass due to malformed Content-Type header leading to integrity impact",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT vulnerability in Fastify, a Node.js web framework, allows remote attackers to bypass request body validation by manipulating the Content-Type header. This can lead to unexpected data processing and integrity issues in applications. Red Hat products such as Red Hat Enterprise Linux AI, Red Hat OpenShift AI, and Red Hat OpenShift Dev Spaces are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25223"
},
{
"category": "external",
"summary": "RHBZ#2436560",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436560"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25223",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25223"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25223",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25223"
},
{
"category": "external",
"summary": "https://fastify.dev/docs/latest/Reference/Validation-and-Serialization",
"url": "https://fastify.dev/docs/latest/Reference/Validation-and-Serialization"
},
{
"category": "external",
"summary": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/content-type-parser.js#L125",
"url": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/content-type-parser.js#L125"
},
{
"category": "external",
"summary": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/validation.js#L272",
"url": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/validation.js#L272"
},
{
"category": "external",
"summary": "https://github.com/fastify/fastify/commit/32d7b6add39ddf082d92579a58bea7018c5ac821",
"url": "https://github.com/fastify/fastify/commit/32d7b6add39ddf082d92579a58bea7018c5ac821"
},
{
"category": "external",
"summary": "https://github.com/fastify/fastify/security/advisories/GHSA-jx2c-rxcm-jvmq",
"url": "https://github.com/fastify/fastify/security/advisories/GHSA-jx2c-rxcm-jvmq"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3464114",
"url": "https://hackerone.com/reports/3464114"
}
],
"release_date": "2026-02-03T21:21:40.268000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Fastify: Fastify: Validation bypass due to malformed Content-Type header leading to integrity impact"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
},
{
"cve": "CVE-2026-25949",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-02-12T21:01:13.761844+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439522"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Traefik, an HTTP reverse proxy and load balancer. An unauthenticated client can exploit this vulnerability by sending a specific 8-byte Postgres SSLRequest (STARTTLS) prelude and then intentionally delaying further communication. This action bypasses Traefik\u0027s configured read timeouts, causing connections to remain open indefinitely. The primary consequence is a Denial of Service, as the server\u0027s resources become exhausted by these persistent, non-responsive connections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/traefik/traefik: Traefik: Denial of Service via stalled STARTTLS requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an IMPORTANT denial of service flaw in Traefik, an HTTP reverse proxy and load balancer, affecting Red Hat OpenShift Dev Spaces. An unauthenticated client can exploit this by sending a specific STARTTLS request and then stalling, which bypasses configured read timeouts and causes connections to remain open indefinitely, leading to resource exhaustion.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25949"
},
{
"category": "external",
"summary": "RHBZ#2439522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439522"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25949",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25949"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25949",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25949"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/commit/31e566e9f1d7888ccb6fbc18bfed427203c35678",
"url": "https://github.com/traefik/traefik/commit/31e566e9f1d7888ccb6fbc18bfed427203c35678"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v3.6.8",
"url": "https://github.com/traefik/traefik/releases/tag/v3.6.8"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/security/advisories/GHSA-89p3-4642-cr2w",
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-89p3-4642-cr2w"
}
],
"release_date": "2026-02-12T20:01:19.600000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/traefik/traefik: Traefik: Denial of Service via stalled STARTTLS requests"
},
{
"cve": "CVE-2026-26960",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-02-20T02:01:07.883769+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-tar. An attacker can craft a malicious archive that, when extracted with default options, creates a hardlink outside the intended extraction directory. This vulnerability allows the attacker to perform arbitrary file read and write operations as the user extracting the archive, bypassing existing path protections. This can lead to unauthorized access and modification of sensitive system files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tar: node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Red Hat environments, this condition introduces a significant constraint, as exploitation requires user interaction and reliance on unsafe handling of externally supplied archives. The attack is not remotely exploitable in isolation and depends on a user or service processing attacker-controlled input.\n\nFurthermore, the impact of the vulnerability is limited to the privileges of the extracting process. In typical Red Hat deployments, archive extraction is performed by non-privileged users or within confined environments such as containers or restricted service contexts, which limits the scope of potential damage.\n\nRed Hat analysis also notes that this issue does not provide a direct mechanism for code execution or privilege escalation, but rather enables file system manipulation within the boundaries of the executing user\u2019s permissions.\n\nGiven the requirement for user-assisted exploitation, the absence of a direct remote attack vector, and the confinement of impact to the privileges of the extracting process, Red Hat considers the practical risk to be lower than the generalized NVD assessment. As a result, this vulnerability is classified as Moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26960"
},
{
"category": "external",
"summary": "RHBZ#2441253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441253"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26960"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384",
"url": "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f",
"url": "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx",
"url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx"
}
],
"release_date": "2026-02-20T01:07:52.979000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tar: node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation"
},
{
"cve": "CVE-2026-26996",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-20T04:01:11.896063+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: minimatch: Denial of Service via specially crafted glob patterns",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "RHBZ#2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
"url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"
}
],
"release_date": "2026-02-20T03:05:21.105000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
}
]
}
FKIE_CVE-2026-25223
Vulnerability from fkie_nvd - Published: 2026-02-03 22:16 - Updated: 2026-02-10 20:05
Severity ?
Summary
Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character (\t) followed by arbitrary content to the Content-Type header, attackers can bypass body validation while the server still processes the body as the original content type. This issue has been patched in version 5.7.2.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://fastify.dev/docs/latest/Reference/Validation-and-Serialization | Product, Technical Description | |
| security-advisories@github.com | https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/content-type-parser.js#L125 | Product | |
| security-advisories@github.com | https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/validation.js#L272 | Product | |
| security-advisories@github.com | https://github.com/fastify/fastify/commit/32d7b6add39ddf082d92579a58bea7018c5ac821 | Patch | |
| security-advisories@github.com | https://github.com/fastify/fastify/security/advisories/GHSA-jx2c-rxcm-jvmq | Vendor Advisory, Mitigation | |
| security-advisories@github.com | https://hackerone.com/reports/3464114 | Permissions Required |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fastify:fastify:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "51FAFCEB-4FBC-4777-BC6D-91713CA5828A",
"versionEndExcluding": "5.7.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character (\\t) followed by arbitrary content to the Content-Type header, attackers can bypass body validation while the server still processes the body as the original content type. This issue has been patched in version 5.7.2."
},
{
"lang": "es",
"value": "Fastify es un framework web r\u00e1pido y de baja sobrecarga, para Node.js. Antes de la versi\u00f3n 5.7.2, existe una vulnerabilidad de omisi\u00f3n de validaci\u00f3n en Fastify donde los esquemas de validaci\u00f3n del cuerpo de la solicitud especificados por Content-Type pueden ser completamente eludidos. Al a\u00f1adir un car\u00e1cter de tabulaci\u00f3n (\\t) seguido de contenido arbitrario al encabezado Content-Type, los atacantes pueden omitir la validaci\u00f3n del cuerpo mientras el servidor sigue procesando el cuerpo como el tipo de contenido original. Este problema ha sido parcheado en la versi\u00f3n 5.7.2."
}
],
"id": "CVE-2026-25223",
"lastModified": "2026-02-10T20:05:15.127",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-02-03T22:16:31.130",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Product",
"Technical Description"
],
"url": "https://fastify.dev/docs/latest/Reference/Validation-and-Serialization"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/content-type-parser.js#L125"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/validation.js#L272"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/fastify/fastify/commit/32d7b6add39ddf082d92579a58bea7018c5ac821"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory",
"Mitigation"
],
"url": "https://github.com/fastify/fastify/security/advisories/GHSA-jx2c-rxcm-jvmq"
},
{
"source": "security-advisories@github.com",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/3464114"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-436"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…